g.112388.xyz Open in urlscan Pro
2606:4700:3031::ac43:870a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://g.112388.xyz/
Submission: On February 04 via api (February 4th 2024, 11:42:46 pm UTC) from US — Scanned from US

Summary HTTP 205 Redirects Links 288 Behaviour Indicators

Summary

This website contacted 45 IPs in 2 countries across 25 domains to perform 205 HTTP transactions. The main IP is 2606:4700:3031::ac43:870a, located in United States and belongs to CLOUDFLARENET, US. The main domain is g.112388.xyz.
TLS certificate: Issued by E1 on February 4th 2024. Valid for: 3 months.

This is the only time g.112388.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
37	2606:4700:303... 2606:4700:3031::ac43:870a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
44	151.101.193.164 151.101.193.164	54113 (FASTLY) (FASTLY)
1	108.138.129.160 108.138.129.160	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80f::2008	15169 (GOOGLE) (GOOGLE)
5	151.101.129.164 151.101.129.164	54113 (FASTLY) (FASTLY)
6	52.203.246.132 52.203.246.132	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:251... 2600:9000:2511:600:4:b37b:9440:93a1	16509 (AMAZON-02) (AMAZON-02)
3	18.238.48.238 18.238.48.238	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.106.70 108.138.106.70	16509 (AMAZON-02) (AMAZON-02)
5	13.225.68.133 13.225.68.133	16509 (AMAZON-02) (AMAZON-02)
2	18.238.55.123 18.238.55.123	16509 (AMAZON-02) (AMAZON-02)
2 4	108.139.47.33 108.139.47.33	16509 (AMAZON-02) (AMAZON-02)
2 4	68.67.161.182 68.67.161.182	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.36.115.111 104.36.115.111	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	54.166.83.173 54.166.83.173	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5	2602:803:c002... 2602:803:c002:200::32	26667 (RUBICONPR...) (RUBICONPROJECT)
1	44.195.146.220 44.195.146.220	14618 (AMAZON-AES) (AMAZON-AES)
1 2	142.250.80.70 142.250.80.70	15169 (GOOGLE) (GOOGLE)
1	2600:9000:24f... 2600:9000:24f1:3a00:18:1fcd:353:c61	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::ac43:4842	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2607:f8b0:400... 2607:f8b0:4006:817::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
4	54.243.156.193 54.243.156.193	14618 (AMAZON-AES) (AMAZON-AES)
18	2607:f8b0:400... 2607:f8b0:4006:809::2002	15169 (GOOGLE) (GOOGLE)
1	20.40.202.2 20.40.202.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
4 5	142.250.72.98 142.250.72.98	15169 (GOOGLE) (GOOGLE)
3	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2607:f8b0:400... 2607:f8b0:4006:824::2006	15169 (GOOGLE) (GOOGLE)
1	2600:9000:210... 2600:9000:210b:f800:10:43f:4352:ad61	16509 (AMAZON-02) (AMAZON-02)
2	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:479c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2607:f8b0:400... 2607:f8b0:4006:809::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4000:1f::6	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80d::2004	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::681a:7e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
1 2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	8.28.7.82 8.28.7.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	162.248.18.37 162.248.18.37	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	23.197.184.18 23.197.184.18	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	192.132.33.68 192.132.33.68	18568 (BIDTELLECT) (BIDTELLECT)
2 3	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
2 2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
205	45

37 2606:4700:3031::ac43:870a (United States)

ASN13335 (CLOUDFLARENET, US)

g.112388.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 151.101.193.164 (United States)

ASN54113 (FASTLY, US)

g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vp.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.129.160 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-129-160.jfk50.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.129.164 (United States)

ASN54113 (FASTLY, US)

samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vp.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.203.246.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-246-132.compute-1.amazonaws.com

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2511:600:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)

rumcdn.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.238.48.238 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-48-238.jfk52.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:824::2002 (United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.106.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-70.jfk50.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.68.133 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-68-133.ewr53.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.238.55.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-123.jfk52.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.139.47.33 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-33.jfk50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.161.182 (Jersey City, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.115.111 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.166.83.173 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-83-173.compute-1.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2602:803:c002:200::32 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.195.146.220 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-195-146-220.compute-1.amazonaws.com

meter-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.70 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f6.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f1:3a00:18:1fcd:353:c61 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4842 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:817::2001 (United States)

ASN15169 (GOOGLE, US)

fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80e::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.243.156.193 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-156-193.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4006:809::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.40.202.2 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.72.98 (Plainview, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.151.101 (United States)

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:824::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:210b:f800:10:43f:4352:ad61 (United States)

ASN16509 (AMAZON-02, US)

gw.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.65.162 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:479c (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4000:1f::6 (United States)

ASN15169 (GOOGLE, US)

r1---sn-q4fl6ndl.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:7e5 (United States)

ASN13335 (CLOUDFLARENET, US)

iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

nytimes-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 8.28.7.82 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.248.18.37 (United States) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.197.184.18 (Minneapolis, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-184-18.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.68 (United States) 1 redirects

ASN18568 (BIDTELLECT, US)
PTR: NET-33-132-192.68.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.22.214 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	nyt.com g1.nyt.com — Cisco Umbrella Rank: 8871 static01.nyt.com — Cisco Umbrella Rank: 6128 a1.nyt.com — Cisco Umbrella Rank: 7407 vp.nyt.com — Cisco Umbrella Rank: 22037	1 MB
37	112388.xyz g.112388.xyz	1 MB
29	googlesyndication.com fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157 ade.googlesyndication.com — Cisco Umbrella Rank: 356	234 KB
15	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 5290727.fls.doubleclick.net — Cisco Umbrella Rank: 8255 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	218 KB
14	nytimes.com samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 6075 a.et.nytimes.com — Cisco Umbrella Rank: 5630 als-svc.nytimes.com Failed www.nytimes.com — Cisco Umbrella Rank: 3772 dd.nytimes.com — Cisco Umbrella Rank: 8330 purr.nytimes.com Failed a.nytimes.com Failed meter-svc.nytimes.com — Cisco Umbrella Rank: 21618 Failed	346 KB
10	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 336 gcdn.2mdn.net — Cisco Umbrella Rank: 1402 r1---sn-q4fl6ndl.c.2mdn.net — Cisco Umbrella Rank: 116227	780 KB
9	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 314 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 591 aax.amazon-adsystem.com — Cisco Umbrella Rank: 395	77 KB
7	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 478 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622 dsum.casalemedia.com — Cisco Umbrella Rank: 1367	4 KB
6	iteratehq.com platform.iteratehq.com — Cisco Umbrella Rank: 6478 iteratehq.com — Cisco Umbrella Rank: 5751	32 KB
5	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 520	4 KB
5	pubmatic.com 3 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 459 image8.pubmatic.com — Cisco Umbrella Rank: 664 image2.pubmatic.com — Cisco Umbrella Rank: 912	1 KB
4	chartbeat.net pnytimes.chartbeat.net — Cisco Umbrella Rank: 6938	801 B
4	3lift.com 2 redirects tlx.3lift.com — Cisco Umbrella Rank: 581 eb2.3lift.com — Cisco Umbrella Rank: 412	2 KB
4	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	4 KB
4	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 177	1 KB
4	geoedge.be rumcdn.geoedge.be — Cisco Umbrella Rank: 3394 gw.geoedge.be — Cisco Umbrella Rank: 4548	166 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 2888 collector.brandmetrics.com — Cisco Umbrella Rank: 3185	18 KB
3	openx.net 1 redirects rtb.openx.net — Cisco Umbrella Rank: 625 nytimes-d.openx.net — Cisco Umbrella Rank: 13872	836 B
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 357	713 B
2	google.com adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	media.net prebid.media.net — Cisco Umbrella Rank: 1229 cs.media.net — Cisco Umbrella Rank: 1236	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	184 KB
1	bttrack.com 1 redirects bttrack.com — Cisco Umbrella Rank: 866	352 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1685	24 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1454	49 KB
205	25

	Domain	Requested by
37	g.112388.xyz	g.112388.xyz rumcdn.geoedge.be www.datadoghq-browser-agent.com
27	static01.nyt.com	g.112388.xyz rumcdn.geoedge.be
18	pagead2.googlesyndication.com	www.datadoghq-browser-agent.com rumcdn.geoedge.be pagead2.googlesyndication.com tpc.googlesyndication.com fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com s0.2mdn.net
13	g1.nyt.com	g.112388.xyz g1.nyt.com
8	s0.2mdn.net	rumcdn.geoedge.be s0.2mdn.net fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
8	tpc.googlesyndication.com	rumcdn.geoedge.be s0.2mdn.net
6	a.et.nytimes.com	g.112388.xyz www.datadoghq-browser-agent.com
5	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
5	fastlane.rubiconproject.com	www.datadoghq-browser-agent.com
5	aax.amazon-adsystem.com	c.amazon-adsystem.com www.datadoghq-browser-agent.com
4	iteratehq.com	www.datadoghq-browser-agent.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	pnytimes.chartbeat.net	g.112388.xyz
4	ib.adnxs.com	2 redirects www.datadoghq-browser-agent.com googleads.g.doubleclick.net
4	sb.scorecardresearch.com	2 redirects g.112388.xyz
4	securepubads.g.doubleclick.net	g.112388.xyz rumcdn.geoedge.be www.datadoghq-browser-agent.com
4	samizdat-graphql.nytimes.com	g.112388.xyz www.datadoghq-browser-agent.com
3	eb2.3lift.com	2 redirects
3	image8.pubmatic.com	2 redirects
3	c.amazon-adsystem.com	g.112388.xyz c.amazon-adsystem.com
3	rumcdn.geoedge.be	g.112388.xyz rumcdn.geoedge.be
2	match.adsrvr.org	2 redirects
2	dsum.casalemedia.com	1 redirects
2	nytimes-d.openx.net	1 redirects
2	platform.iteratehq.com	g.112388.xyz platform.iteratehq.com
2	googleads4.g.doubleclick.net	rumcdn.geoedge.be
2	googleads.g.doubleclick.net	rumcdn.geoedge.be
2	fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com	securepubads.g.doubleclick.net rumcdn.geoedge.be
2	vp.nyt.com	g.112388.xyz
2	cdn.brandmetrics.com	www.googletagmanager.com rumcdn.geoedge.be
2	a1.nyt.com	g.112388.xyz www.googletagmanager.com
2	5290727.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	dd.nytimes.com	g.112388.xyz www.datadoghq-browser-agent.com
2	www.googletagmanager.com	g.112388.xyz www.googletagmanager.com
1	bttrack.com	1 redirects
1	cs.media.net
1	image2.pubmatic.com	1 redirects
1	ade.googlesyndication.com	fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
1	www.google.com	rumcdn.geoedge.be
1	r1---sn-q4fl6ndl.c.2mdn.net	fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
1	gcdn.2mdn.net	1 redirects
1	gw.geoedge.be	rumcdn.geoedge.be
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	adservice.google.com	5290727.fls.doubleclick.net
1	static.chartbeat.com	g.112388.xyz
1	meter-svc.nytimes.com	www.datadoghq-browser-agent.com
1	rtb.openx.net	www.datadoghq-browser-agent.com
1	htlb.casalemedia.com	www.datadoghq-browser-agent.com
1	prebid.media.net	www.datadoghq-browser-agent.com
1	tlx.3lift.com	www.datadoghq-browser-agent.com
1	hbopenbid.pubmatic.com	www.datadoghq-browser-agent.com
1	config.aps.amazon-adsystem.com	rumcdn.geoedge.be
1	www.nytimes.com	g.112388.xyz
1	www.datadoghq-browser-agent.com	g.112388.xyz
0	a.nytimes.com Failed	www.datadoghq-browser-agent.com
0	purr.nytimes.com Failed	www.datadoghq-browser-agent.com
0	als-svc.nytimes.com Failed	g.112388.xyz
205	57

This site contains links to these domains. Also see Links.

Domain
www.nytimes.com
cn.nytimes.com
cooking.nytimes.com
theathletic.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com

Subject Issuer	Validity	Valid
112388.xyz E1	`2024-02-04` - `2024-05-04`	3 months	crt.sh
nytimes.com Thawte RSA CA 2018	`2023-03-22` - `2024-04-21`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-12` - `2024-12-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
a.et.nytimes.com R3	`2024-01-11` - `2024-04-10`	3 months	crt.sh
gw.geoedge.be Amazon RSA 2048 M01	`2023-08-12` - `2024-09-09`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-12-30` - `2024-12-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2024-01-21` - `2025-02-19`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-08` - `2024-04-06`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-12-24` - `2024-03-23`	3 months	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
meter-svc.nytimes.com R3	`2023-12-19` - `2024-03-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.chartbeat.com Thawte TLS RSA CA G1	`2023-05-16` - `2024-06-06`	a year	crt.sh
brandmetrics.com GTS CA 1P5	`2024-01-02` - `2024-04-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.chartbeat.net Thawte TLS RSA CA G1	`2023-11-20` - `2024-12-20`	a year	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2023-05-10` - `2024-06-10`	a year	crt.sh
iteratehq.com E1	`2024-01-20` - `2024-04-19`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-21` - `2024-12-21`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://g.112388.xyz/
Frame ID: 17EDA46B9ABFCCEE80698320B4E3306F
Requests: 153 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Frame ID: 29517C8AF9D92A01B944A7D927BB9714
Requests: 1 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F
Frame ID: EC61ACA70FA90889BB899B8D8D26E664
Requests: 2 HTTP requests in this frame

Frame: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 55010BBCEC0A26C5BBA1A767DCAA040F
Requests: 1 HTTP requests in this frame

Frame: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 495006196F5EACCBDD711612513CB67F
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhiQsuHtATAB&v=APEucNVhXUTFhHiwMORnwAejTcp9g92oFpqdX8xSB-WR9wezD4lVJyQYMSX2MYq2MIYfJeKcWCWfCXyGnn5X8qh5hWlPieUF7w
Frame ID: F155B304343CBAF6075738D973AAC738
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: FF05909A13E70A6619BE714C914C8EC4
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
Frame ID: 19C50B81B1220D3D0535FD2B034B718A
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 28B1E97C76E81D9429A47E2D14D4FD5A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3F4CEF05A018AD3D0C3078459F7CF0EB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: BEA12669ABFEAECABCC6BE9F8E158D41
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The New York Times - Breaking News, US News, World News and VideosGroupGroupGroup2024 Election

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

205
Requests

90 %
HTTPS

38 %
IPv6

25
Domains

57
Subdomains

45
IPs

2
Countries

4452 kB
Transfer

18806 kB
Size

42
Cookies

288 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nytimes.com/es/
Title: Español

Search URL Search Domain Scan URL

URL: https://cn.nytimes.com/
Title: 中文

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/todayspaper
Title: Today’s Paper

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/us
Title: U.S.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/politics
Title: Politics

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/nyregion
Title: New York

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/california-today
Title: California

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/education
Title: Education

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/health
Title: Health

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/obituaries
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/science
Title: Science

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/climate
Title: Climate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/sports
Title: Sports

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business
Title: Business

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/technology
Title: Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/upshot
Title: The Upshot

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/magazine
Title: The Magazine

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/2024-election
Title: 2024 Elections

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/topic/organization/us-supreme-court
Title: Supreme Court

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/topic/organization/us-congress
Title: Congress

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/joe-biden
Title: Biden Administration

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/donald-trump-investigations
Title: Trump Investigations

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/immigration-us
Title: Immigration

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/abortion-news
Title: Abortion

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/eric-adams-mayor-nyc
Title: The Eric Adams Administration

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/morning-briefing
Title: The MorningMake sense of the day’s news and ideas.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/upshot
Title: The UpshotAnalysis that explains politics, policy and everyday life.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters
Title: See all newsletters

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-daily
Title: The DailyThe biggest stories of our time, in 20 minutes a day.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/election-run-up-podcast
Title: The Run-UpOn the campaign trail with Astead Herndon.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/podcasts
Title: See all podcasts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world
Title: World

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/africa
Title: Africa

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/americas
Title: Americas

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/asia
Title: Asia

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/australia
Title: Australia

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/canada
Title: Canada

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/europe
Title: Europe

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/middleeast
Title: Middle East

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/israel-hamas-gaza
Title: Israel-Hamas War

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/ukraine-russia
Title: Russia-Ukraine War

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/morning-briefing-europe
Title: Morning Briefing: EuropeGet what you need to know to start your day.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/the-interpreter
Title: The InterpreterOriginal analysis on the week’s biggest global stories.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/australia-letter
Title: Australia LetterNews, features and opinion for readers in the region.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/canada-letter
Title: Canada LetterBackstories and analysis from our Canadian correspondents.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/economy
Title: Economy

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/media
Title: Media

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/markets-overview
Title: Finance and Markets

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/dealbook
Title: DealBook

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/technology/personaltech
Title: Personal Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/energy-environment
Title: Energy Transition

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/your-money
Title: Your Money

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/economy-business-us
Title: U.S. Economy

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/artificial-intelligence
Title: Artificial Intelligence

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/dealbook
Title: DealBookThe most crucial business and policy news you need to know.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/hard-fork
Title: Hard ForkOur tech journalists help you make sense of the rapidly changing tech world.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts
Title: Arts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/books
Title: Books

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/books/best-sellers
Title: Best Sellers

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/dance
Title: Dance

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/movies
Title: Movies

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/music
Title: Music

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/television
Title: Television

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/theater
Title: Theater

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/pop-culture
Title: Pop Culture

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/t-magazine
Title: T Magazine

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/design
Title: Visual Arts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/best-of
Title: Best of 2023

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/awards-season
Title: Award Season

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/critics-picks
Title: Critic’s Picks

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/books-to-read
Title: What to Read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/what-to-watch
Title: What to Watch

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/playlist
Title: What to Listen To

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2023/10/27/arts/music/music-fivemins-collection.html
Title: 5 Minutes to Make You Love Music

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/read-like-the-wind
Title: Read Like the WindBook recommendations from our critics.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/watching
Title: WatchingStreaming TV and movie recommendations.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/book-review-podcast
Title: Book ReviewThe podcast that takes you inside the literary world.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/popcast-pop-music-podcast
Title: PopcastPop music news, new songs and albums, and artists of note.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/lifestyle
Title: Lifestyle

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well
Title: Well

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/travel
Title: Travel

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/style
Title: Style

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/realestate
Title: Real Estate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/food
Title: Food

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/fashion
Title: Fashion

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/fashion/weddings
Title: Love

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/modern-love
Title: Modern Love

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-hunt
Title: The Hunt

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/social-qs
Title: Social Q’s

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-ethicist
Title: The Ethicist

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/eat
Title: Eat

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/move
Title: Move

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/mind
Title: Mind

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/family
Title: Family

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/live
Title: Live

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/ask-well
Title: Ask Well

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/open-thread-fashion
Title: Open ThreadThe latest news on what we wear, by our chief fashion critic.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/love-letter
Title: Love LetterReal stories of relationship highs, lows and woes.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/modern-love-podcast
Title: Modern LoveThe complicated love lives of real people.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion
Title: Opinion

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/contributors
Title: Guest Essays

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/editorials
Title: Editorials

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/op-docs
Title: Op-Docs

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/opinion-video
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/letters
Title: Letters

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/politics
Title: Politics

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/international-world
Title: World

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/business-economics
Title: Business

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/technology
Title: Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/environment
Title: Climate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/health
Title: Health

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/culture
Title: Culture

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/charles-m-blow
Title: Charles M. Blow

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/jamelle-bouie
Title: Jamelle Bouie

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/david-brooks
Title: David Brooks

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/gail-collins
Title: Gail Collins

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/ross-douthat
Title: Ross Douthat

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/maureen-dowd
Title: Maureen Dowd

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/david-french
Title: David French

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/thomas-l-friedman
Title: Thomas L. Friedman

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/michelle-goldberg
Title: Michelle Goldberg

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/ezra-klein
Title: Ezra Klein

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/nicholas-kristof
Title: Nicholas Kristof

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/paul-krugman
Title: Paul Krugman

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/carlos-lozada
Title: Carlos Lozada

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/tressie-mcmillan-cottom
Title: Tressie McMillan Cottom

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/pamela-paul
Title: Pamela Paul

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/lydia-polgreen
Title: Lydia Polgreen

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/bret-stephens
Title: Bret Stephens

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/by/zeynep-tufekci
Title: Zeynep Tufekci

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/matter-of-opinion
Title: Matter of OpinionThoughts, aloud. With Michelle Cottle, Ross Douthat, Carlos Lozada and Lydia Polgreen.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/ezra-klein-podcast
Title: The Ezra Klein ShowDiscussions of ideas that matter, plus book recommendations.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/audio/app
Title: Download the Audio app on iOS.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-headlines
Title: The Headlines

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2022/podcasts/serial-productions.html
Title: Serial Productions

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/reporter-reads
Title: Reporter Reads

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/the-sunday-read
Title: The Sunday Read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/10/19/podcasts/serial-kids-rutherford-county.html
Title: The Kids of Rutherford CountyA series about how one county illegally jailed children.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/audio
Title: AudioOur editors share their favorite listens from the New York Times Audio app.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/subscription/all-access
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/crosswords
Title: Games

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/spelling-bee
Title: Spelling Bee

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/crosswords/game/mini
Title: The Mini Crossword

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/games/wordle/index.html
Title: Wordle

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/crosswords/game/daily/
Title: The Crossword

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/vertex
Title: Vertex

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/games/connections
Title: Connections

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/sudoku
Title: Sudoku

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/letter-boxed
Title: Letter Boxed

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/tiles
Title: Tiles

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/spelling-bee-forum
Title: Spelling Bee Forum

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/daily-crossword-column
Title: Wordplay Column

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/wordle-review
Title: Wordle Review

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/article/submit-crossword-puzzles-the-new-york-times.html
Title: Submit a Crossword

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/puzzle-making
Title: Meet Our Crossword Constructors

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2022/09/19/crosswords/mini-to-maestro-part-1.html
Title: Mini to Maestro

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2022/upshot/wordle-bot.html
Title: Wordlebot

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/gameplay
Title: GameplayPuzzles, brain teasers, solving tips and more.

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/
Title: Cooking

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/easy-recipes
Title: Easy

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/dinner-recipes
Title: Dinner

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/43843372-quick-recipes
Title: Quick

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/healthy-recipes
Title: Healthy

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/breakfast
Title: Breakfast

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/vegetarian
Title: Vegetarian

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/vegan-recipes
Title: Vegan

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/our-best-chicken-recipes
Title: Chicken

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/our-best-pasta-recipes
Title: Pasta

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/desserts
Title: Dessert

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/638891-best-soup-stew-recipes
Title: Soups and Stews

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/easy-weeknight
Title: Easy Weeknight

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/32998034-our-newest-recipes
Title: Newest Recipes

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/2370458-one-pot-dinner-recipes
Title: One-Pot Meals

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/950138-amazing-slow-cooker-recipes
Title: Slow Cooker Recipes

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/comfort-food
Title: Comfort Food

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/entertaining
Title: Party Recipes

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/cooking
Title: The Cooking NewsletterCulinary inspiration from Sam Sifton and Melissa Clark.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/the-veggie
Title: The VeggieDelicious vegetarian recipes and tips from Tanya Sichynsky.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/five-weeknight-dishes
Title: Five Weeknight DishesDinner ideas for busy people from Emily Weinstein.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/
Title: Wirecutter

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter
Title: WirecutterReviews and recommendations for thousands of products.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/kitchen-dining/
Title: Kitchen

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/electronics/
Title: Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/sleep/
Title: Sleep

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/appliances/
Title: Appliances

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/home-garden/
Title: Home and Garden

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/make-a-plan/moving/
Title: Moving

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/travel/
Title: Travel

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/gifts/
Title: Gifts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/deals/
Title: Deals

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/baby-kid/
Title: Baby and Kid

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/health-fitness/
Title: Health and Fitness

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-air-purifier/
Title: Air Purifier

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-electric-toothbrush/
Title: Electric Toothbrush

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-pressure-washer/
Title: Pressure Washer

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-cordless-stick-vacuum/
Title: Cordless Stick Vacuum

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-office-chair/
Title: Office Chair

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-robot-vacuum/
Title: Robot Vacuum

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/the-recommendation
Title: The RecommendationThe best independent reviews, expert advice and intensively researched deals.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/clean-everything
Title: Clean EverythingStep-by-step advice on how to keep everything in your home squeaky clean.

Search URL Search Domain Scan URL

URL: https://theathletic.com/
Title: The Athletic

Search URL Search Domain Scan URL

URL: https://theathletic.com/nfl/
Title: NFL

Search URL Search Domain Scan URL

URL: https://theathletic.com/mlb/
Title: MLB

Search URL Search Domain Scan URL

URL: https://theathletic.com/nba/
Title: NBA

Search URL Search Domain Scan URL

URL: https://theathletic.com/football/premier-league/
Title: Premier League

Search URL Search Domain Scan URL

URL: https://theathletic.com/college-football/
Title: NCAAF

Search URL Search Domain Scan URL

URL: https://theathletic.com/college-basketball/
Title: NCAAM

Search URL Search Domain Scan URL

URL: https://theathletic.com/nhl/
Title: NHL

Search URL Search Domain Scan URL

URL: https://theathletic.com/womens-college-basketball/
Title: NCAAW

Search URL Search Domain Scan URL

URL: https://theathletic.com/football/mls/
Title: MLS

Search URL Search Domain Scan URL

URL: https://theathletic.com/formula-1/
Title: Formula 1

Search URL Search Domain Scan URL

URL: https://theathletic.com/football/nwsl/
Title: NWSL

Search URL Search Domain Scan URL

URL: https://theathletic.com/golf/
Title: Golf

Search URL Search Domain Scan URL

URL: https://theathletic.com/tag/a1-must-read-stories/
Title: Must-Read Stories

Search URL Search Domain Scan URL

URL: https://theathletic.com/tag/super-bowl/
Title: Super Bowl

Search URL Search Domain Scan URL

URL: https://theathletic.com/5029170/2023/11/06/free-agents-mlb-list/
Title: MLB Free Agency

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/the-pulse
Title: The PulseDelivering the top stories in sports, Sunday to Friday.

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/the-windup
Title: The WindupThe biggest stories in baseball, by Levi Weaver with Ken Rosenthal.

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/the-bounce
Title: The BounceEssential NBA news from Zach Harper and Shams Charania.

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/full-time
Title: Full TimeThe biggest women's soccer stories, from Emily Olsen, Meg Linehan & Steph Yang

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2024/02/04/arts/grammy-awards
Title: Grammy AwardsFeb. 4, 2024, 6:39 p.m. ET3m ago3m ago

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2024/02/04/us/california-storm-atmospheric-river
Title: California StormFeb. 4, 2024, 6:20 p.m. ET22m ago22m ago

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2024/02/04/world/us-strikes-israel-hamas-news
Title: U.S. Plans Further Retaliation in Mideast as Blinken Heads to the RegionSecretary of State Antony Blinken’s trip comes after the U.S. helped carry out a new round of strikes against Houthi targets in Yemen.See more headlines 7+

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/middleeast/gaza-photos-israel-war.html
Title: Portraits of Gazans and the Destruction of the Israel-Hamas WarA photojournalist followed some Palestinians whose lives were ripped apart in one of the most destructive wars of the 21st century.7 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2024/02/03/us/elections/results-south-carolina-democratic-primary.html
Title: South Carolina Results

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/article/nevada-caucus-primary-explainer.html
Title: Nevada’s Primary and Caucus

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/01/us/politics/super-tuesday-when-states.html
Title: Super Tuesday

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2023/us/politics/presidential-candidates-2024.html
Title: Who Is Running?

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2024/us/elections/republican-primary-calendar.html
Title: G.O.P. Delegate Tracker

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/us/politics/nikki-haley-husband-michael.html
Title: Nikki Haley’s ‘Rock’ Is Watching Her Campaign From a DistanceMichael Haley, a U.S. Army major deployed to Djibouti, has missed much of his wife’s pursuit of the White House. He is still a big presence for her.7 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/arts/television/snl-nikki-haley.html
Title: “Saturday Night Live” brought Nikki Haley into the mix.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/us/politics/trump-fox-interview.html
Title: Donald Trump pushed immigration conspiracy theories and mass deportations in an interview.3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2024/us/atmospheric-river-california-west-tracker.html
Title: Track the latest atmospheric rivers to hit California and the Pacific Northwest.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/asia/china-nuclear-missiles.html
Title: Fear and Ambition Propel Xi’s Nuclear AccelerationXi Jinping built up a nuclear arsenal, steeling for a growing rivalry with the United States. Now China is exploring how to wield its newfound strength.8 min read<img src="https://static01.nyt.com/images/2024/02/03/multimedia/03CHINA-NUCLEAR-01-bqzm/03CHINA-NUCLEAR-01-bqzm-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Soldiers stand at attention as missiles roll by during a military parade. " class="css-122y91a"/>Kyodo News, via Getty Images

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/middleeast/turkey-earthquake-recovery.html
Title: <img src="https://static01.nyt.com/images/2024/02/01/multimedia/00turkey-hm-zwtq/00turkey-test-hm-zwtq-videoSixteenByNine1050.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="" class="css-122y91a"/>The Great ReadAfter the QuakeAn earthquake trapped a family of six. Four came out alive. Can they feel safe again?Emin Ozmen for The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2024/02/04/magazine/charan-ranganath-interview.html
Title: INTERVIEWA Leading Memory Researcher Explains How to Make Precious Moments LastOur memories have “knowledge and imagination and, sometimes, wisdom” says Charan Ranganath, a neuroscientist.<img src="https://static01.nyt.com/images/2024/02/04/reader-center/04Talk-poster/04Talk-poster-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="" class="css-122y91a"/>Mamadi Dambouya for The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/arts/design/artificial-intelligence-fantasy-home.html
Title: <img src="https://static01.nyt.com/images/2024/01/31/multimedia/00ideas-hp-posterFPO/00ideas-hp-posterFPO-videoSixteenByNine1050-v13.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An illustration of a small house that looks to be covered in a fuzzy material on a purple-yellow backdrop." class="css-122y91a"/>IDEASHow A.I. Is Remodeling the Fantasy HomeAmid an intractable real estate crisis, fake luxury houses offer a delusion of one’s own.Photo Illustration by Pablo Delcan

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/grammy-awards
Title: Grammy Awards

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/style/grammys-red-carpet-photos.html
Title: Red Carpet Photos

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/arts/music/grammys-winners-list.html
Title: Winners List

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/02/arts/music/grammys-how-to-watch-live.html
Title: How to Watch

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/01/31/arts/music/grammy-awards-taylor-swift-sza.html
Title: What to Expect

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/americas/chile-forest-fires.html
Title: ‘We’re Broken’: Wildfires on Chile’s Coast Kill 99 and Leave Hundreds MissingOfficials are warning of major destruction and loss of life after fast-moving fires swept through central Chile’s coastal hills.5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/americas/photos-from-a-firestorm-chiles-deadly-blazes.html
Title: Inside a firestorm: See photos from Chile’s deadly blazes.1 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/us/addiction-california-sober.html
Title: What Does Being Sober Mean Today? For Many, Not Full Abstinence.More younger Americans are shunning alcohol while embracing cannabis, ketamine and psychedelics, shaking up the field of addiction medicine.6 min read<img src="https://static01.nyt.com/images/2024/01/31/multimedia/00nat-elastic-sobriety-01-twhb/00nat-elastic-sobriety-01-twhb-threeByTwoMediumAt2X-v2.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Tiffany Fede sits with legs crossed, her hands on her chest." class="css-122y91a"/>Meridith Kohut for The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/europe/ukraine-defense-east.html
Title: ‘They Do Not Stop’: Ukraine Goes on Defense Against a Relentless FoeAt the hot spots of the eastern front line in the war against Russia, Ukrainian troops are outmanned, outgunned and digging in.6 min read<img src="https://static01.nyt.com/images/2024/02/03/multimedia/04ukraine-defense-fader1/03ukraine-defense-01-vjzm-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="" class="css-122y91a"/>Tyler Hicks/The New York Times<img src="https://static01.nyt.com/images/2024/02/03/multimedia/04ukraine-defense-fader2/03ukraine-defense-02-vjzm-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="" class="css-122y91a"/>Tyler Hicks/The New York Times<img src="https://static01.nyt.com/images/2024/02/03/multimedia/04ukraine-defense-fader11/04ukraine-defense-fader11-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="" class="css-122y91a"/>Tyler Hicks/The New York Times<img src="http

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/02/technology/x-influencers-video.html
Title: How X Is Trying to Win Over InfluencersLinda Yaccarino, the chief executive of the platform formerly known as Twitter, is relying on her TV industry ties to recruit video creators to the site.6 min read<img src="https://static01.nyt.com/images/2024/01/23/business/00x-influencers/00x-influencers-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An illustration of the X logo illuminated in lights. " class="css-122y91a"/>Matt Chase

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/opinion/texas-border-supreme-court-immigration.html
Title: <img src="https://static01.nyt.com/images/2018/04/02/opinion/linda-greenhouse/linda-greenhouse-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Linda Greenhouse" class="css-122y91a"/>Linda GreenhouseThere’s a Border War Inside the Supreme Court, Too5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/opinion/taylor-swift-travis-kelce-maga.html
Title: <img src="https://static01.nyt.com/images/2024/02/04/multimedia/04French-glzp/04French-glzp-square320.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="A black and white photo of Taylor Swift and Travis Kelce embracing. She is whispering to him with her hand cupped around his ear." class="css-122y91a"/>David FrenchTaylor Swift and the Profound Weirdness of MAGA4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/opinion/museums-artifacts-stolen.html
Title: Erin ThompsonMighty Shiva Was Never Meant to Live in Manhattan4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/02/opinion/border-deal-senate-biden.html
Title: The Editorial BoardWhere the Sabotage of an Immigration Deal Is Coming From3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/opinion/politics-friends-trump-pandemic.html
Title: <img src="https://static01.nyt.com/images/2024/02/04/opinion/04cullen/04cullen-square320.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An illustration of five people all talking, very loudly, at once." class="css-122y91a"/>Art CullenWe Were Friends for Years. Trump Tore Us Apart.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/opinion/donald-trump-taylor-swift.html
Title: <img src="https://static01.nyt.com/images/2018/04/02/opinion/maureen-dowd/maureen-dowd-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Maureen Dowd" class="css-122y91a"/>Maureen DowdInside Trump’s Not-So-Swift Brain4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/02/opinion/transgender-children-gender-dysphoria.html
Title: <img src="https://static01.nyt.com/images/2022/07/12/opinion/pamela-paul-new/pamela-paul-new-thumbLarge-v2.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Pamela Paul" class="css-122y91a"/>Pamela PaulAs Kids, They Thought They Were Trans. They No Longer Do.18 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/02/opinion/biden-trump-democratic-party-future.html
Title: <img src="https://static01.nyt.com/images/2021/01/06/opinion/ezra-klein/ezra-klein-thumbLarge-v3.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Ezra Klein" class="css-122y91a"/>Ezra KleinThe Democratic Party Is Having an ‘Identity Crisis’10 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/opinion/covid-vaccine-hesitancy.html
Title: Letters From Our ReadersThe Reasons for Covid Vaccine Hesitancy5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/opinion/gaza-israel-war-children.html
Title: Nicholas KristofWe Can’t Justify This Much Suffering5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/opinion/america-china-future.html
Title: Ross DouthatOnly America Can Save the Future4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/opinion/filterworld-tiktok-cooking.html
Title: Jessica GroseAre These Recipes Good, or Is the TikTok Chef Just Good-Looking?4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/opinion/united-nations-unrwa-palestinians.html
Title: Espen Barth EideThe World Needs to Stand by UNRWA4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2024/01/30/opinion/thepoint/iran-proxy-military-attack
Title: Bret StephensAttacking Iran’s Proxies Won’t Do the Job

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/opinion/abraham-lincoln-ambition-speech.html
Title: Jamelle Bouie‘If Destruction Be Our Lot, We Must Ourselves Be Its Author and Finisher’5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/dining/gingery-longevity-noodles-to-make-again-and-again.html
Title: <img src="https://static01.nyt.com/images/2020/01/25/dining/jm-longevity-noodles/jm-longevity-noodles-square320.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Julia Moskin’s longevity noodles." class="css-122y91a"/>What to Cook This WeekLongevity noodles, if eaten without biting through the strands, are considered auspicious.3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/world/africa/kenya-deployment-haiti.html
Title: Kenya Plans to Bypass Court Order in Haiti DeploymentThe U.N.-approved mission to stem gang violence in Haiti has faced widespread criticism from activists and lawmakers and was blocked by a judge in Kenya.3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/04/nyregion/times-square-attack-bragg.html
Title: Grand Jury to Hear Evidence in Times Square Assault on Police OfficersAlvin Bragg, the Manhattan district attorney, faced criticism after his office did not seek bail for most of the men arrested in the attack.4 min read

Search URL Search Domain Scan URL

URL: https://theathletic.com/5241468/2024/02/04/world-cup-final-2026-new-jersey/
Title: New Jersey’s MetLife Stadium to Host the 2026 World Cup FinalThe home of the New York Giants and the New York Jets was selected ahead of stadiums near Dallas and Los Angeles.From The Athletic

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/us/la-graffiti-building.html
Title: <img src="https://static01.nyt.com/images/2024/02/03/multimedia/03xp-graffiti-2-fjwk/03xp-graffiti-2-fjwk-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An array of colorful graffiti covers multiple floors of a skyscraper in Los Angeles." class="css-122y91a"/>Mario Tama/Getty ImagesMultiple Floors of Empty Los Angeles Skyscrapers Are Covered in GraffitiThe 40-story buildings have been abandoned since 2019 and are across from Crypto.com Arena, where the Grammys are being held on Sunday.2 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/01/theater/the-following-evening-600-highway-men.html
Title: Jeanette Spicer for The New York TimesWhose Last Show Is It, Anyway?A meditation on mortality and renewal, “The Following Evening” presents mirror images of two married pairs of theater makers.5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/01/arts/design/cycladic-art-stern-metropolitan-museum-greece.html
Title: Old-Time Modernity: Cycladic Art at the MetA major collection of early Greek figures and vessels makes for a transformative event.5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/01/movies/the-promised-land-review-mads-mikkelsen.html
Title: Movie Review‘The Promised Land’: Coaxing Crops From a Wild LandMads Mikkelsen stars as a soldier with little money but big ideas.3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/02/movies/judy-blume-kenny-g-summer-of-soul.html
Title: 3 Celebrity Documentaries Worth Your TimeThese films present a deep understanding of their subjects’ cultural import.2 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/02/03/arts/television/violett-beane-death-other-details.html
Title: Violett Beane Doesn’t Mind Uncomfortable SilenceThe actor, who stars in “Death and Other Details,” values such moments.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/connections-companion
Title: Connections CompanionIn case you need some puzzle help.<img src="https://static01.nyt.com/images/2023/10/19/crosswords/19connections-column-133/19connections-column-133-square320-v2.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An illustration of a person giving a figure a thumbs up." class="css-122y91a"/>

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2024 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/privacy/cookie-policy#how-do-i-manage-trackers
Title: Your Ad Choices

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/privacy/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/ca/
Title: Canada

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/international/
Title: International

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/subscription?campaignId=37WXW
Title: Subscriptions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1707090155235&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fg.112388.xyz%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1707090155235&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fg.112388.xyz%2F&c9=

Request Chain 115

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1

Request Chain 149

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZcAg7m0U58nwuBiLQYCqrgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnxdPYHJtslgAMu00jQMHc&google_cver=1

Request Chain 151

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk1Mzk1MjU1Mjk4MjAwNTAy

Request Chain 170

https://sb.scorecardresearch.com/c2/3005403/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/3005403/cs.js

Request Chain 181

https://gcdn.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/4630BAA261D0CA321174ACC7FD2132DC80799D88.A5A9C1439EB95D393DFE341209BAFA3FEDCDA30C/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-q4fl6ndl.c.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7B5A6B97C8271DB8B8932085322D32C9E3A1FC.6351944C26928E06E01EB188C426843416EF6408/key/cms1/cms_redirect/yes/mh/wV/mip/2001:550:1d05:1::11/mm/42/mn/sn-q4fl6ndl/ms/onc/mt/1707087512/mv/u/mvi/1/pl/48/file/file.mp4

Request Chain 199

https://nytimes-d.openx.net/w/1.0/pd HTTP 302
https://nytimes-d.openx.net/w/1.0/pd?cc=1

Request Chain 200

https://image8.pubmatic.com/AdServer/ImgSync?p=163427 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=163427&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MTQ5MjgzMUEtM0Y3RC00QTg4LUI4MDgtOUEyRDQxQkJDNDkz&gdpr=-1&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 202

https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=995821&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1 HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dbe334b-b427-43cd-9874-c733fbf51a40

Request Chain 203

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://eb2.3lift.com/sync?px=1&src=prebid&&ld=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=4b8758b0-4de2-4908-a0bc-c5e5b724f4a3&dongle=0cfd&gdpr=0&gdpr_consent=

205 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
g.112388.xyz/ 905 KB
133 KB 201ms
82ms Document
text/html 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8abad653146202c788eb7b05992860760c87f85367894c4fefc3378a480c6c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Nyt-Mktg-Group, X-Nyt-Mktg-Group
age: 122
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=30,no-cache
cf-cache-status: DYNAMIC
cf-ray: 8506c554bd40da6f-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 04 Feb 2024 23:42:33 GMT
last-modified: Sun, 04 Feb 2024 23:40:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/
permissions-policy: browsing-topics=()
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwEwfxRlkeFaLMmeT7KjeePbI2CUwuFkycplrc1%2Bjdn9YnXoieCnFisHjw%2F9UgseSG0MbP1%2F2bVGrg6gnvzsGo%2FFgiFgKXqHJefNwygdybH26wJDmLyLC7ip9Ba9hquTurH2gMyWEK2ufZQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-F-VI
x-b3-traceid: 4a2859a016ac4a1abf5789156687bc00
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-content-type-options: nosniff
x-envoy-decorator-operation: vi.nyt.net:443/*
x-envoy-upstream-service-time: 611
x-frame-options: DENY
x-gdpr: 0
x-nyt-app-webview: 0
x-nyt-data-last-modified: Sun, 04 Feb 2024 23:40:27 GMT
x-nyt-edge-cache: MISS-HIT
x-nyt-home-headers-map: allocation-id=tKRAc0ixX-v2hOmvTX182J
x-nyt-mktg-group: group1
x-nyt-route: homepage
x-origin-time: 2024-02-04 23:40:32 UTC
x-pagetype: vi-homepage
x-served-by: cache-lga13629-LGA, cache-mia-kmia1760096-MIA
x-timer: S1707090154.749144,VS0,VE5
x-xss-protection: 1; mode=block

GET
H2 200 web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 141ms
32ms Stylesheet
text/css 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:13 GMT
date: Sun, 04 Feb 2024 23:42:33 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1611904
x-guploader-uploadid: ADPycduGY6M3wNYHV6UpueyfnsXJLOxiOAQwp3106DL_EFazhtPLZl2SiGLw-MEdlW4L8uCNG3OcGvr0KYfUUjnOG146xEM6rVi6
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9868
x-served-by: cache-mia-kmia1760045-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1707090154.918064,VS0,VE0
etag: "b79308aee772cf8921761a4fdb884fe5"
vary: X-Goog-Allowed-Resources, Accept-Encoding
x-goog-generation: 1673991774978541
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=ay5bmg==, md5=t5MIrudyz4khdhpP24hP5Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 9868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 13419

GET
H2 200 global-f449cfd9976ad673ef2b7ab5098b85be.css
g.112388.xyz/vi-assets/static-assets/ 6 KB
3 KB 64ms
62ms Stylesheet
text/css 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ADPycdt8r4Sy5spKEF0AnU13DTGVA7nuX-jkD-SWiMRd8nUps-1K0IjGlNy6qIUMtsi1hT-qVPmTbQHnE2dgCEKlDwHaT8bItqwu
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2023-02-02 05:46:13 UTC
x-served-by: cache-mia-kmia1760097-MIA
x-timer: S1707090154.833641,VS0,VE1
etag: W/"e74f8b7c668251280cf3e52e20455a1c"
vary: X-Goog-Allowed-Resources, Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-goog-generation: 1675282674119408
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 10376
expires: Fri, 02 Feb 2024 05:46:13 GMT
date: Sun, 04 Feb 2024 23:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 02 Feb 2023 04:31:58 GMT
server: cloudflare
x-goog-hash: crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=he6aSVTAkhVOxVEfOktJ9EM2mizCUZaWNB7H6icWOIJx3QI3MwcHu%2BGYzWFc5qoiMUoSmpIO8Jhlsf%2F55ptmvBMZf57E%2FmiU6uw4a5b1n4fYH2HZO5Wjpfl9hdWi8MwcxPT2XH%2BgETY9jRg%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 5656
cf-ray: 8506c5555e53da6f-MIA

GET
H2 200 datadog-rum.js Show response
www.datadoghq-browser-agent.com/us1/v5/ 151 KB
49 KB 383ms
82ms Script
application/javascript 108.138.129.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.129.160 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-129-160.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8de57ccc597a47f4e5d327cbf0da94ef7fd133cfedd48f54d65841af6dd9e526

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:41:48 GMT
content-encoding: br
via: 1.1 8cade7b1319c32b4f7e5477c5302d6c8.cloudfront.net (CloudFront)
last-modified: Tue, 16 Jan 2024 14:27:09 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
age: 47
x-amz-server-side-encryption: AES256
etag: W/"cf56052b7fa4744416065d618b7e90db"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: Xa2YGQ4HRnhXYCHL5vgZ9fueiSrbMNyHuTTNI6TH3sBFsh3PX9jD9A==

GET
H3 200 adslot-aaa844348e9357d134ca.js Show response
g.112388.xyz/vi-assets/static-assets/ 24 KB
9 KB 116ms
105ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/adslot-aaa844348e9357d134ca.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e4f1d4bec050ef777e2ea447a00d046c77c7a5c1ad2ee637b943791fd408a40

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPo0Jf3FtTV3DPXIE5ZW6jbX-OySBAzWcDD24m7O7YNYXueCzs-L5iMTEdeNrdc5gTRDdYQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:20 UTC
x-served-by: cache-mia-kmia1760094-MIA
x-timer: S1707090154.030380,VS0,VE1
etag: W/"e5bc1c71c037402d8fba637a9b134646"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-aaa844348e9357d134ca.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706198791071937
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 17073
expires: Thu, 30 Jan 2025 15:15:53 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 31 Jan 2024 15:11:56 GMT
server: cloudflare
x-goog-hash: crc32c=ytIS0g==, md5=5bwcccA3QC2PumN6mxNGRg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2Fr4MgGqhjRSDN7F44nrA8afBu1qYFikuxaNKiVBnjslZTxu4qBbcZWi9ZkH8kRbEk8H7X3me5jojJR91FWclcaBBmg8TrhCMJHW1DCf4V1elFqMXxh6aOS%2FEAyJVCVVngl2XWNeebf1wrU%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 24267
cf-ray: 8506c5568ff80331-MIA

GET
H2 200 icon-the-morning_144x144-b12a6923b6ad9102b766352261b1a847.webp
g.112388.xyz/vi-assets/static-assets/ 2 KB
3 KB 70ms
69ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-the-morning_144x144-b12a6923b6ad9102b766352261b1a847.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e99cc00c52afca0a9c6a4bcbc440dec602e194e04eba329850b57c16283779e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPpktWYaO-o9-O2tmLl-OEG5e9LFfozGcdjFx-npPC9D0EUgoroOGR7h18m2xYfn4-oiG8ROfJdNQw
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760026-MIA
x-timer: S1707090154.899073,VS0,VE1
etag: "1a850d4e08393437f3268ced083856bd"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-morning_144x144-b12a6923b6ad9102b766352261b1a847.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219412775
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9267
expires: Thu, 30 Jan 2025 14:59:38 GMT
date: Sun, 04 Feb 2024 23:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1974
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=nhpbwg==, md5=GoUNTgg5NDfzJoztCDhWvQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FPg91mUhJst0kYkD1nVD6vmrizuYCE1CQxLVoIZ4%2F5mi2YUgan6rsPJwkpy4jtEY5%2BY2XYR7xd5YAZxFjHQ617wjJzKM70Ad1HzkXYk3fvZ8EFtaoXR1ZwxLCSkfj%2Bnn7kiNcCts6HfKX7c%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1974
accept-ranges: bytes
cf-ray: 8506c555aed2da6f-MIA

GET
H2 200 icon-the-upshot_144x144-0b1553ff703bbd07ac8fe73e6d215888.webp
g.112388.xyz/vi-assets/static-assets/ 986 B
2 KB 68ms
68ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-the-upshot_144x144-0b1553ff703bbd07ac8fe73e6d215888.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

815e85139cc9a73d4233ca7620d3aea96bd46da73c96ef98f9f6217747252861

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPoi6dUnTocTy9ulJKE6s1BCpnwumiMgIBbu3N6qFa8RpI0_7lrQbHrl7RXFHQErmohYjg
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760020-MIA
x-timer: S1707090154.892107,VS0,VE1
etag: "7619f36515a80c34616bb3f706438e35"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-upshot_144x144-0b1553ff703bbd07ac8fe73e6d215888.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219415013
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9373
expires: Thu, 30 Jan 2025 14:59:45 GMT
date: Sun, 04 Feb 2024 23:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 986
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=oIrD8w==, md5=dhnzZRWoDDRha7P3BkOONQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtLdnpWG84FvCf4%2BpR%2FvoI6njkDV69cYBqH7DPpV5roDGRdAbpUwRy1yQcFJ%2FxoVGglLASN0KyhD2%2F0CbE4P66V6vl1vo7E%2BbjP3sKbtiSrQHq65UOfTJbHNSVDdInykD9b0rO%2F77c99m9Y%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 986
accept-ranges: bytes
cf-ray: 8506c555aed6da6f-MIA

GET
H2 200 the-daily-album-art-square320-v5.jpg
static01.nyt.com/images/2017/01/29/podcasts/the-daily-album-art/ 4 KB
4 KB 212ms
167ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2017/01/29/podcasts/the-daily-album-art/the-daily-album-art-square320-v5.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

66debd0db62a3f53e72503a053f862b586a886e6a399fd8243b5e0180d304dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 22 Sep 2023 10:43:28 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 303673
x-guploader-uploadid: ADPycdssSnViHSr4ZBjEhtgMu6dFrgAc8-C2R354cKLgM3ULZNHJ3dE1u3AQxepiy4nleaP1CujcJ_pxzDTw95LfoqfEH5G1LSKs
x-cache: HIT, HIT
fastly-io-info: ifsz=15986 idim=320x320 ifmt=jpeg ofsz=3614 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 3614
x-served-by: cache-iad-kcgs7200066-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.011628,VS0,VE0
etag: "HnnVz93O4bK0D9Smvlwnf0lv96YmNmLNlX7IWtdXh7Q"
vary: Accept
x-goog-generation: 1688068264438165
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=JiXB7Q==, md5=PfDXw6toN2ZQvpOKxIlHug==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 15986
x-amz-checksum-crc32c: JiXB7Q==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 197, 10971

GET
H2 200 the-run-up-album-art-thumbLarge.jpg
static01.nyt.com/images/2022/08/29/podcasts/the-run-up-album-art/ 5 KB
6 KB 88ms
44ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/08/29/podcasts/the-run-up-album-art/the-run-up-album-art-thumbLarge.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

352b9e243c2e3a49a49cb8bc8df84d0a04183bbc3eac33a0476c9a11ff9e352d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 04 Oct 2023 07:17:37 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300720
age: 154697
x-guploader-uploadid: ADPycdtHTcE6oJpJUyUJnS6FTqtIPAzmrvyHf2ozzBd7EyI2NabnUMlD_D4MBVpxerg89VPOoGGvALuUGSQuPelDzTjXtQ
x-cache: HIT, HIT
fastly-io-info: ifsz=13823 idim=150x150 ifmt=jpeg ofsz=5314 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 5314
x-served-by: cache-iad-kiad7000132-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.011647,VS0,VE0
etag: "hoyyH5q1+NTFT41vUc5DQY1n5mPXI75JtPWFn4Jaf4Q"
vary: Accept
x-goog-generation: 1688683994203172
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=10HhSg==, md5=VVlpmckmFDe4+jzoN3ttXQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 13823
x-amz-checksum-crc32c: 10HhSg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 41, 5518

GET
H3 200 icon-europe-morning-briefing_144x144-f0a330cb12ba0c31f81f13e25f6d0d18.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
3 KB 146ms
143ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-europe-morning-briefing_144x144-f0a330cb12ba0c31f81f13e25f6d0d18.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7184f94de6059eb2acabe5ca2b8d4dee7ce2817a5c69de917b8c987a38a58c60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPoRdhXrBTjfIyUtMHUKA_C-o9997YsB34H7NBvlegWCdLoOcqohlCumtfWiuEicr9NLjw
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760092-MIA
x-timer: S1707090154.029441,VS0,VE1
etag: "7b359190695ab3ab692b459d08d6fc80"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-europe-morning-briefing_144x144-f0a330cb12ba0c31f81f13e25f6d0d18.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219393647
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9133
expires: Thu, 30 Jan 2025 15:00:54 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1346
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=SN0HNw==, md5=ezWRkGlas6tpK0WdCNb8gA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofolprYY5h74AJPjEdTLDtCvk%2FTcOvAxLd8Srs0K2XbUPCpaxIEv6GfcmoqoJqzv0dewUgeAUrrwny34xmdJxhLD%2FLBcguZstOfuZOGSxW%2BMc062KlUkAT1Sf4CGkxlHEqX8AzcvxbGqRRI%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1346
accept-ranges: bytes
cf-ray: 8506c5567fe40331-MIA

GET
H3 200 icon-the-interpreter_144x144-b29b74b2ebedb8e74823f33b16fb8167.webp
g.112388.xyz/vi-assets/static-assets/ 2 KB
4 KB 109ms
98ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-the-interpreter_144x144-b29b74b2ebedb8e74823f33b16fb8167.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1fd7964d738926046b207a7c8ac57250afdefabc84fe7efc836766f7bd5dbef

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPrwNfVJNdUfwacA2TpEFSQBkYZdTu_wUkgkPVz_jjw2QvSsxopBDC8hmXycIB6m5fu4aMQKzwJMcw
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760061-MIA
x-timer: S1707090154.027663,VS0,VE1
etag: "8b73b365ca326ed75a6fccc55f981049"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-interpreter_144x144-b29b74b2ebedb8e74823f33b16fb8167.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219425389
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 8853
expires: Thu, 30 Jan 2025 14:59:39 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2540
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=fxGWyQ==, md5=i3OzZcoybtdab8zFX5gQSQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5Ej9itw6kB91trc83TXg1NSIDow1d7QOqS%2BE0sj5myX0FE0cVZak7ha8h2RMbqSFw3Sdop5ckIwUPmsN7Jv0ltRJ5Tsv21FKLzUVduoQ6NnyqmQomfXYFPwzHKgeO6ZdfcQLDT3FMgPdaE%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 2540
accept-ranges: bytes
cf-ray: 8506c5568ffb0331-MIA

GET
H3 200 icon-australia-letter_144x144-725c615ef3bd78aad9022371a0185fbf.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
3 KB 147ms
136ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-australia-letter_144x144-725c615ef3bd78aad9022371a0185fbf.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27141b3b405cc996997629f3e4e561247b42b1bdbbb9e3a53b09c45bd5c5d135

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPp2fRPtmMoX8acHmOWdqhNNmHt7Bg-P9RiLfmaJ6RackJTy3C-JhmuI-SltV9lUnZfK15RdzDyz-g
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760086-MIA
x-timer: S1707090154.027219,VS0,VE1
etag: "c3a86945c78cf2a1f5a56cd6d85df60d"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-australia-letter_144x144-725c615ef3bd78aad9022371a0185fbf.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219374278
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9355
expires: Thu, 30 Jan 2025 14:59:43 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1488
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=/ahZ/A==, md5=w6hpRceM8qH1pWzW2F32DQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TGF%2Fd0zXSYmpb1toRJ%2BvXT8vNL8sOnY6zEuK8WNRO0m1lGlCA01a%2BdIviAwKDBD4yld9AOI19BkQuIsysILA%2FRjMBHVdkDJZWdRGQQUfwV5Kzx4iVwfpkQQiaPe33G%2BU8%2BrRAl2u45UWkY%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1488
accept-ranges: bytes
cf-ray: 8506c5568ffc0331-MIA

GET
H3 200 icon-canada-letter_144x144-65d899377edbcce9773d31fd03a77e8d.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
3 KB 114ms
104ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-canada-letter_144x144-65d899377edbcce9773d31fd03a77e8d.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a97d7e2b2a744b06c4860981b48cf1a6f1a4046e48270bf825cf9a90b1f3636

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPqnU1YC7xvDjnr-GDijFgEB2_EKcgd7jI54tZ3qnD1UAV6DI5S85tfHtAVWwSRJkUT118FQ73xLnQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1707090154.028417,VS0,VE1
etag: "da33dcbb2e78aa9d454f3acf848bce37"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-canada-letter_144x144-65d899377edbcce9773d31fd03a77e8d.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219386867
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9348
expires: Thu, 30 Jan 2025 15:11:31 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1512
last-modified: Wed, 31 Jan 2024 15:02:47 GMT
server: cloudflare
x-goog-hash: crc32c=dxujdg==, md5=2jPcuy54qp1FTzrPhIvONw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pj0kiVTZojjhLQb7OKJFLS%2BIeU1%2BGl61RIeqAULHBw%2FPSrUsbHaGMJin0R2F03rRxXN0NZtYWNc9ti51pVmbicrfc1FPQx4pfXaK4b3TKO9uTj5dYCV%2FZNVMhvG7kIav8gktmntf1J0KrDw%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1512
accept-ranges: bytes
cf-ray: 8506c5568ffd0331-MIA

GET
H3 200 icon-dealbook_144x144-28e8f71aafff426804c3a92b1b176e07.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
2 KB 147ms
137ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-dealbook_144x144-28e8f71aafff426804c3a92b1b176e07.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

922a4c224d2a5acba49effd511ac46c69297624b2ce0c0477530b9bb2d8487d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPoTHZ4RzKZ7nezQ0KwVXJ-s3GFaFZl-EVFGbbpxRcaYGmYZdF8tH1KFtGDQ82Pv2nz1g54
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760085-MIA
x-timer: S1707090154.029745,VS0,VE1
etag: "1b37cfabd6ce4edd45d8158c64192651"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-dealbook_144x144-28e8f71aafff426804c3a92b1b176e07.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219388373
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9234
expires: Thu, 30 Jan 2025 14:59:35 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1094
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=4KdzEQ==, md5=GzfPq9bOTt1F2BWMZBkmUQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyP2jz%2Bpr1VVHiN2CJy2wiIQGrG%2FxqVfooMFRM2K03ldJ5OaIYXv8K6z2SeSc1DwnwuBScs61dLMsLhtj67RuTaUqq7wq6m1bWKjPsCx58b%2Fl9Kh2GKTE4UfS5z3y3vA3E4RuPkOFNy9hbM%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1094
accept-ranges: bytes
cf-ray: 8506c5568fff0331-MIA

GET
H2 200 hard-fork-album-art-square320-v2.png
static01.nyt.com/images/2022/09/28/podcasts/hard-fork-album-art/ 116 KB
117 KB 53ms
39ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/09/28/podcasts/hard-fork-album-art/hard-fork-album-art-square320-v2.png?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5ed9e9f81abee651d7645c6ae932a099ff7595eb893df2bd66306c818adf5a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 10 Oct 2023 05:34:06 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300714
age: 287904
x-guploader-uploadid: ADPycdulbB1uSrQH1DH1e9iQT9pQg6UhvS1tcY0TPdJHo3hOTQS1o5jGCYT_JzoZfYiGCucP3DPcnlW046xT17NR6eRQ0g
x-cache: HIT, HIT
fastly-io-info: ifsz=171964 idim=320x320 ifmt=png ofsz=118748 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 118748
x-served-by: cache-iad-kjyo7100038-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.011640,VS0,VE0
etag: "MIre+hRw2cMgJa2uP+CeD5Zo0tG02ZYiidiRIV/6TxQ"
vary: Accept
x-goog-generation: 1666018564084320
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=rwW/FQ==, md5=QcPAglE24zD6+D1DXSLedQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 171964
x-amz-checksum-crc32c: rwW/FQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 47, 10527

GET
H3 200 icon-read-like-the-wind_144x144-5bcf9faf41d0b49df1df29e59a868b36.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
3 KB 154ms
145ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-read-like-the-wind_144x144-5bcf9faf41d0b49df1df29e59a868b36.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f92d409454f07d130a17a8a40694683700fa7908f77519aa3fd6ed6bf08a43af

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPq7PGxuc42pm3mFkmhPLbFp21cXEQ-B59xwjXPMB8z5amr__F4trg1osWz-BRdt_Kxi8LzsY6euKQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760068-MIA
x-timer: S1707090154.030168,VS0,VE1
etag: "2f322bce46245172bb707708f4d9942b"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-read-like-the-wind_144x144-5bcf9faf41d0b49df1df29e59a868b36.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219402688
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 8912
expires: Thu, 30 Jan 2025 14:59:35 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1310
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=Y1z48w==, md5=LzIrzkYkUXK7cHcI9NmUKw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DdcjaMHL3HFDv9ePBk18lSbkU8lWvsWQq500PWC8HaXg1bTY174A%2FmQRVBMfKcXqZExKI%2FII1j945vkQA%2Bdd5%2Fu2Kws%2BZT3tnDOV%2BF6%2FpXAstbiaOAPNk0U8N7Xv8JHm19FCCTkwN2OS8ZE%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1310
accept-ranges: bytes
cf-ray: 8506c55688010331-MIA

GET
H3 200 icon-watching_144x144-631a1da177f9fda1a7f4614ad8e607bd.webp
g.112388.xyz/vi-assets/static-assets/ 716 B
2 KB 158ms
149ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-watching_144x144-631a1da177f9fda1a7f4614ad8e607bd.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

095a2050fffeee67efcc5dffaa579dd76fe3916b3de4c384aa037acca45d9c9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPrStPvLvFOQDROXLHqj3nxoDLTuK5kJXAihOlqTaxKFxAghzCBKcXavl75FO9DFY_IWhKA
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760065-MIA
x-timer: S1707090154.031243,VS0,VE1
etag: "ebf3822150dda45cdaae0820a0bc1e98"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-watching_144x144-631a1da177f9fda1a7f4614ad8e607bd.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219427731
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9036
expires: Thu, 30 Jan 2025 14:59:34 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 716
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=Eoq80Q==, md5=6/OCIVDdpFzargggoLwemA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h2P5wTUozOXcBP2bhupFGeMzefcSP4%2F99en%2BMwXwLZgR3bim6lKXR8YF4IQRjctNtsZbM6WYJboQODR1F5x71Fw7aUNwZzllowcN1srFiMH1orz1kw8UaKZNAApFw%2BvDqGuOObL5AV7vPDA%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 716
accept-ranges: bytes
cf-ray: 8506c55688030331-MIA

GET
H2 200 book-review-album-art-v2-thumbLarge-v3.jpg
static01.nyt.com/images/2018/03/27/books/book-review-album-art-v2/ 3 KB
3 KB 57ms
44ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/03/27/books/book-review-album-art-v2/book-review-album-art-v2-thumbLarge-v3.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

99013b5f831f3762b1a2648e07bb3116d914c5b1539bdf4fe0634602cc26b19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 13:23:18 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300718
age: 296253
x-guploader-uploadid: ADPycdvWAmkx95gCPu14IQ4q4BE3dphI347Cam23BbGkeCIoa-nNMMO9_VMy5Xo8Q1qd4tiwBGGtFt-VA9JTnOfOljAGxQ
x-cache: HIT, HIT
fastly-io-info: ifsz=10250 idim=150x150 ifmt=jpeg ofsz=2772 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 2772
x-served-by: cache-iad-kjyo7100097-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.011688,VS0,VE0
etag: "f6YZ2ZJovRqmFs0MIuaEVzpH2+CtkFFBiLmf31seml4"
vary: Accept
x-goog-generation: 1662891747534151
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=EsOybg==, md5=cjEwJ43bqRCDXcDgnJcMnA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 10250
x-amz-checksum-crc32c: EsOybg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 6337, 16663

GET
H2 200 music-popcast-thumbLarge-v3.jpg
static01.nyt.com/images/2011/05/20/multimedia/music-popcast/ 4 KB
4 KB 50ms
37ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2011/05/20/multimedia/music-popcast/music-popcast-thumbLarge-v3.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7e76ec11f2baa0f7948d92891718df73970877050a5b48e2b6fb9b340378a2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 10 Oct 2023 16:00:57 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300701
age: 559888
x-guploader-uploadid: ADPycdt8GLzOK2GA-IX_ZuZPrjYsWk_7iJzaF1bRZysGkxzR67iJrwH3T01KlbrUrDKZ87h5mxJ_z1U3NdBU81wR4hJ1lQ
x-cache: HIT, HIT
fastly-io-info: ifsz=24419 idim=150x150 ifmt=jpeg ofsz=3828 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 3828
x-served-by: cache-iad-kiad7000117-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.011002,VS0,VE1
etag: "qr3LW0rNOUvnYKyDbm09gWnw94oFzi+G4wvyjqveNos"
vary: Accept
x-goog-generation: 1538741982829422
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=VUkWbw==, md5=jSTktUwT+uCRgjlqA0y9BQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 24419
x-amz-checksum-crc32c: VUkWbw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 70, 15599

GET
H3 200 icon-open-thread-fashion_144x144-8e1b4b3fd68c2f333faa63097da2249b.webp
g.112388.xyz/vi-assets/static-assets/ 2 KB
3 KB 166ms
157ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-open-thread-fashion_144x144-8e1b4b3fd68c2f333faa63097da2249b.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8aca80728030390ca27a845ca99c8e6bd9174aea22b4060971d1a0ea9a8e9454

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPoYh8MrEyafgyYYGerZoMEhP7cuqdiHrhODNK_uG8fOj7ujg90wDCj7r_85rOjJ9jHwOa8
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760062-MIA
x-timer: S1707090154.032405,VS0,VE1
etag: "9234a6e50533c0f78cd1097f674d2c47"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-open-thread-fashion_144x144-8e1b4b3fd68c2f333faa63097da2249b.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219404066
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9033
expires: Thu, 30 Jan 2025 14:59:36 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2102
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=pc/b8Q==, md5=kjSm5QUzwPeM0Ql/Z00sRw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbOd2MCBeYSggMaunquhA8yKwlaQAjwLDoEuql%2BYhvElzhlOvm3GhejXQWMj9wMlvyK9hkmhOz3kr5je7kq%2Blt4eSV%2FpplY4b9cfiUt30mDaS7K9JIzYq%2FzTajRH6%2Fg4usoENkeSFrQRBIs%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 2102
accept-ranges: bytes
cf-ray: 8506c55688050331-MIA

GET
H3 200 icon-love-letter_144x144-ca0ec74f4bdd665895bfab2e923eca66.webp
g.112388.xyz/vi-assets/static-assets/ 2 KB
3 KB 183ms
175ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-love-letter_144x144-ca0ec74f4bdd665895bfab2e923eca66.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

612414151e0b7f8ab5b7e572fe287acf1202084cda302adb8522397f462ba305

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPpnNSTV2E_Pah2bNI6o4ZI7BKZ-icbz8I1E_AfRfo93Kr53vwsh0bvQZgNPrymp8fO3mA
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:41 UTC
x-served-by: cache-mia-kmia1760080-MIA
x-timer: S1707090154.035941,VS0,VE1
etag: "36b0ee5560fe3fad8cff0f177d747f87"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-love-letter_144x144-ca0ec74f4bdd665895bfab2e923eca66.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219396228
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9274
expires: Thu, 30 Jan 2025 14:59:53 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2162
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=Io8sdg==, md5=NrDuVWD+P62M/w8XfXR/hw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EwpIIIB%2FsG%2BC8htEqw2qrIdE1UBGg5Atn79Ko%2FWn4lzVRruD7htOa1nFaP4zlh%2F23vCmaMgC2ZEi7NtIUApZb9%2F0%2FKncCjTTOSoldinqlQvJQ0Xjzqq1D3ghNK6pORoHQwHV9vbKPvPrWj0%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 2162
accept-ranges: bytes
cf-ray: 8506c55688060331-MIA

GET
H2 200 modernlove-logo-thumbLarge-v3.jpg
static01.nyt.com/images/2020/09/21/podcasts/modernlove-logo/ 4 KB
4 KB 50ms
38ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2020/09/21/podcasts/modernlove-logo/modernlove-logo-thumbLarge-v3.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9377e1ed8c646a7ae8b8b570821baf287765c047e9dab20fa71a4eb76a40c294

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 13 Sep 2023 08:39:00 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 478176
x-guploader-uploadid: ADPycdt0XxgLthW-lZusqwlATkcSRIv3_Foir_nooE-41Aj9CfXpw6sooNFUEKbC1E3nqdM3EF1EfkJPaAHLz0c5XCtAEBsey_xl
x-cache: HIT, HIT
fastly-io-info: ifsz=11068 idim=150x150 ifmt=jpeg ofsz=4084 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 4084
x-served-by: cache-iad-kcgs7200165-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.010968,VS0,VE0
etag: "m/kFRv2O1tFCo0C85yLpe5fDFs//5pFoSBOWMgnJf9E"
vary: Accept
x-goog-generation: 1665608966820623
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=BQuLtQ==, md5=p/lR9gCKmtliQRSN6dd/dg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 11068
x-amz-checksum-crc32c: BQuLtQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 15517, 16474

GET
H2 200 matter-of-opinion-album-art-thumbLarge-v2.jpg
static01.nyt.com/images/2023/05/08/podcasts/matter-of-opinion-album-art/ 4 KB
5 KB 157ms
156ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/05/08/podcasts/matter-of-opinion-album-art/matter-of-opinion-album-art-thumbLarge-v2.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

71b2f4fee2ed4163e1ef309ca22a8a108aab0ba7cfb535d38b33c1ec3718836a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Mon, 02 Oct 2023 15:32:50 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300710
age: 295884
x-guploader-uploadid: ADPycdt0TrNqndBEgkmC118TvA85g415qMWEAee92mC0Bcva_u9DBgWVzdZgq8SIX8GJuvMvlfmIJIZaC4IYtgW7H_q0ZA
x-cache: HIT, HIT
fastly-io-info: ifsz=12674 idim=150x150 ifmt=jpeg ofsz=4132 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 4132
x-served-by: cache-iad-kiad7000079-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.098969,VS0,VE0
etag: "yoekWzapvzDgK5g1tJpvXR4Q3abo6OZMw027E8Ag3Fo"
vary: Accept
x-goog-generation: 1685027532007855
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=cBstdQ==, md5=af0IeRKwURQQpabIs66V1Q==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12674
x-amz-checksum-crc32c: cBstdQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 74, 10643

GET
H2 200 ezra-klein-album-art-square320-v2.jpg
static01.nyt.com/images/2021/01/12/podcasts/ezra-klein-album-art/ 9 KB
9 KB 157ms
157ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2021/01/12/podcasts/ezra-klein-album-art/ezra-klein-album-art-square320-v2.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

eb66d19d76b2a591f290eb9cbefa2faf0a2c8f90b124cb937270ab4b8adee08e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Mon, 25 Sep 2023 16:12:19 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 402382
x-guploader-uploadid: ADPycdtXVDTP8QzGERPZi4CW1c_L9U1YZn0yIJJIey62gH3MRboydnhdyrf0uT-gfnZcxRQKATzHyiFEH0n014jmxHC0bQ
x-cache: HIT, HIT
fastly-io-info: ifsz=26546 idim=320x320 ifmt=jpeg ofsz=9114 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9114
x-served-by: cache-iad-kiad7000062-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.098965,VS0,VE0
etag: "I8CFstK+e/z6clnl3bXOFjL81AzI4rEnG10lPXiE8TY"
vary: Accept
x-goog-generation: 1635784873905458
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=bgL3XA==, md5=gRKhpC1X4GNr6vjxBbhc7g==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 26546
x-amz-checksum-crc32c: bgL3XA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 247, 8113

GET
H2 200 headlines-albumartwork-audioapp-2-thumbLarge.png
static01.nyt.com/images/2022/10/12/podcasts/headlines-albumartwork-audioapp-2/ 13 KB
13 KB 175ms
174ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/10/12/podcasts/headlines-albumartwork-audioapp-2/headlines-albumartwork-audioapp-2-thumbLarge.png?quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

bcbbfe66a2e17c1dbc127ccea0f4fec035d42d51d1741332275026e291d79be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 20 Oct 2023 14:00:23 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300707
age: 561226
x-guploader-uploadid: ADPycdvcZw_RvVMFlkZc-xVGK9Qm1jixjRMOF1OZQTuJz-ns8UHD7U3fmD1ap8dkm3WKHbSW9KRYqouno2vTFey4_12ZycrQY02c
x-cache: HIT, HIT
fastly-io-info: ifsz=20844 idim=150x150 ifmt=png ofsz=12952 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 12952
x-served-by: cache-iad-kcgs7200036-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090154.099372,VS0,VE0
etag: "LbFwq71cDcti1tLA50q2p9CsL0R7Xg7ULZY6QK7bdcY"
vary: Accept
x-goog-generation: 1680812038156789
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=5MfQCw==, md5=qqLRi3ewu5a5crO4pskKzg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 20844
x-amz-checksum-crc32c: 5MfQCw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 28, 16448

GET
H3 200 icon-tkorc_144x144-912ab7502129bc56d0c809d1d33396f8.webp
g.112388.xyz/vi-assets/static-assets/ 5 KB
6 KB 183ms
175ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-tkorc_144x144-912ab7502129bc56d0c809d1d33396f8.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c3bb445a65f00a954fc1e0d957690acc408f2e9904ef44d033e87f65e7160fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPqa99rwoJRjBOhmGjhDRF5mFI0Nygzibdz3jX8trgEJnUE7VKIRTOIGf3jfrSZnISri74Y
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760089-MIA
x-timer: S1707090154.031730,VS0,VE1
etag: "6035f0817e77088d891d178c2174de76"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-tkorc_144x144-912ab7502129bc56d0c809d1d33396f8.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219418296
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9322
expires: Thu, 30 Jan 2025 14:59:09 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 4630
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=hCF/7A==, md5=YDXwgX53CI2JHReMIXTedg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSEKIB4TbCKkuw4kz6hOlc9kpHYvHGvO7JG5iNLRpfBzWhS%2FPWfL2n3GCJXrPfQwwjfznjtp6soXgac7dGUrQLWlQ6M2tX2wnlaxBNrFmo3J6uZ1UY9udXvFAcA%2Fp1Gog%2Bg8cDKMT6Chojo%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 4630
accept-ranges: bytes
cf-ray: 8506c55688080331-MIA

GET
H3 200 icon-reporter-reads_144x144-f63cbc9989c9a468682611ad1f6f5d63.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
3 KB 184ms
176ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-reporter-reads_144x144-f63cbc9989c9a468682611ad1f6f5d63.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b49a5061864b4b935b6055a17db8704dfb40f092ab777c9e2d578f195fc7c38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPpokApykH2_NaJTKzf29vEJCwLUzNMHt3sctAtkrOVlUOzXOPcT4AM9Tcw1aUGmtN45S9GNkiM-jA
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760038-MIA
x-timer: S1707090154.028381,VS0,VE2
etag: "46ff016e8e7d9fb709ee54c06a6e9a7c"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-reporter-reads_144x144-f63cbc9989c9a468682611ad1f6f5d63.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219425034
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9361
expires: Thu, 30 Jan 2025 15:02:33 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1196
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=AwRITw==, md5=Rv8Bbo59n7cJ7lTAam6afA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z0VXGoaS5qVNfrM5OtTHiUTU8RS8cCi5eneg6qNah4oTkebFP1xZKisR4OIB%2Bgm%2Bviak6b70ctVuOGmwe10t%2B6XX9YSjYHkBFks3B00VWgY%2Fqq8NAUuyKAnbTZ8TCXP7dUxM6EW%2BLE9MQNw%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1196
accept-ranges: bytes
cf-ray: 8506c55688090331-MIA

GET
H3 200 icon-audio_144x144-dc00c6581be29065cbd19ec7a83a3767.webp
g.112388.xyz/vi-assets/static-assets/ 550 B
2 KB 108ms
100ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-audio_144x144-dc00c6581be29065cbd19ec7a83a3767.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c11193952e3a7f5c5887a688239ba863628181c0a55f8bc3ab687ff755c1a33

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPpn2dEgalKsQ5rjSnCpvW7pi4wMsC3kwls-rAikaNGMlXbs2gVgAZlNRjvpZkvCyGji4Cs
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760058-MIA
x-timer: S1707090154.029430,VS0,VE1
etag: "24ce98a477c7ea5c0a87f86f39e41af7"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-audio_144x144-dc00c6581be29065cbd19ec7a83a3767.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219368868
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9357
expires: Thu, 30 Jan 2025 15:00:00 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 550
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=vX1hzg==, md5=JM6YpHfH6lwKh/hvOeQa9w==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6abz%2B6ybCLfUk%2Fiz%2BUyWE2%2FBoehgOQZiLgc5jdOVI%2FRemL9WCmtS96idZTGgMu0iHMkL9NWpTgip5zQL5j9SH639Letwz2pdicOmT6ouKB4Fu1ToH710SI2Yw7RRKE02rIhnHtE1EFl%2BlA%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 550
accept-ranges: bytes
cf-ray: 8506c556880a0331-MIA

GET
H3 200 icon-gameplay_144x144-b6cc5e2a7cc27a43096274a02921329c.webp
g.112388.xyz/vi-assets/static-assets/ 678 B
2 KB 184ms
176ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-gameplay_144x144-b6cc5e2a7cc27a43096274a02921329c.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264062387185aeac238d90328f12342a4dac123baa47d7981dc2797a43dd39ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPrsNaB5wHsR7c6GDAZ0FsymySdN65iP_dEMaJn9oS7KXSjZoDv_-2HDm4TIUriFVUr6Rg
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760054-MIA
x-timer: S1707090154.060567,VS0,VE1
etag: "02f62939409fc27f9897a8cca610d9eb"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-gameplay_144x144-b6cc5e2a7cc27a43096274a02921329c.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219393688
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9251
expires: Thu, 30 Jan 2025 14:59:28 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 678
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=2mq0ow==, md5=AvYpOUCfwn+Yl6jMphDZ6w==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCQZutntcRYbHMD5C7r0MAHxk%2B47nk6siY72EbsHGKesSNiNsKehsNPaFX1CJah3XgUTmMjw5BeX%2F6vW%2F4RbIiYv9%2FZwBsZLB7vpv3ppV7XOuOBOQeVRRQgrmqxMDb%2BISifiazlbnfLEYx8%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 678
accept-ranges: bytes
cf-ray: 8506c556880d0331-MIA

GET
H3 200 icon-cooking_144x144-5a8be1ef711d4ba5e66b0be7a2ca8bfe.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
3 KB 185ms
177ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-cooking_144x144-5a8be1ef711d4ba5e66b0be7a2ca8bfe.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a6bd1e9706f15358fb636bb52f69b755d936a79adc1e5056c439cd59cbb41ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPq8ZpgVfGrxRI_1Nv550tBxMso4_ohSVX_-DwMgQ2VkInK02b1UJBkV45iX_0JutfSIpFQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760023-MIA
x-timer: S1707090154.034710,VS0,VE1
etag: "52dc1622da9acdd8e9d6425b778018a2"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-cooking_144x144-5a8be1ef711d4ba5e66b0be7a2ca8bfe.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219379295
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9260
expires: Thu, 30 Jan 2025 14:59:38 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1304
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=Y3AEUw==, md5=UtwWItqazdjp1kJbd4AYog==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FV%2FuCcyM%2FXI%2BVY2hElOWvJInfqOctE2oL2IppQOxKnB7XSwO0sWKP3ACt4R8rgs57hCrV9bPWlDEYcwkdp2GkeEyLWzA75SDFHKZRnOT%2FTLp5VEq%2BImvgiL6t4eYAPY%2BuHBURY1weAMNpbk%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1304
accept-ranges: bytes
cf-ray: 8506c556880e0331-MIA

GET
H3 200 icon-the-veggie_144x144-f99606e1ca100f88cdfd8d763bf442c5.webp
g.112388.xyz/vi-assets/static-assets/ 4 KB
5 KB 185ms
178ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-the-veggie_144x144-f99606e1ca100f88cdfd8d763bf442c5.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac3c156a0e6cc290e315b2cf97ce75c4ce23417e33628e964196ea3fcd2cfffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPqaQg-y-AbqgdSOkohk6Stc7oO64j0__h70UlaN2OCpsfP55ZwcKoyPKbcOUiGov_YiB_O76S9ynQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760058-MIA
x-timer: S1707090154.052888,VS0,VE1
etag: "a3eac57b118046245537a040ece53296"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-veggie_144x144-f99606e1ca100f88cdfd8d763bf442c5.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219410188
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9462
expires: Thu, 30 Jan 2025 15:00:13 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 3846
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=5bXk5w==, md5=o+rFexGARiRVN6BA7OUylg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nkSO0vusloMJR6d4qRFWNEAyvSTYja9be6wcAAR%2FD07bB6%2BP3WAtL2dbfi9vQeUUI8HtikZEDROzjW%2FgLGpMcitpACndGGCGDXqCdPotEZiiMUswVv7XJFZZgjFI2%2Bk1AZwc1WLkcWdmwY%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 3846
accept-ranges: bytes
cf-ray: 8506c55688110331-MIA

GET
H3 200 icon-five-weeknight-dishes_144x144-97d51c5d4ba98233667b4057e3d852ab.webp
g.112388.xyz/vi-assets/static-assets/ 3 KB
5 KB 185ms
178ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-five-weeknight-dishes_144x144-97d51c5d4ba98233667b4057e3d852ab.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3e01a24e357418c6b81f191cdc6fedf29f78d0b8002725c1f9b3e2d4d9233cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPrNUhYs9bP9fkIn2wT4DNRlTIriQhE68M_YxvztZKq_6LbOrSEPIsVzZx9gxJH6tPBYijMUbulIFw
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760061-MIA
x-timer: S1707090154.036410,VS0,VE1
etag: "91e51718c8fbf5057e408865d634eefa"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-five-weeknight-dishes_144x144-97d51c5d4ba98233667b4057e3d852ab.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219397430
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 8884
expires: Thu, 30 Jan 2025 15:00:01 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 3322
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=xEsd0w==, md5=keUXGMj79QV+QIhl1jTu+g==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qgwtRKlv4HQ4BiZzuyobKz%2F%2Fj%2Byi0GPtnqVBRAQcHgwxUrPxoKyMezXgfpeO9JXM4dxF1PUmilfs9opTwRqRdZ1fvNHdN6eUmZ4qTDEQSyaDzwS%2BFVoeylU3MaPuNHcgUZjsEOgqg9J8RJo%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 3322
accept-ranges: bytes
cf-ray: 8506c55688130331-MIA

GET
H3 200 icon-the-recommendation_144x144-3e66bd6cc82013bd511c31a8f04d4ff7.webp
g.112388.xyz/vi-assets/static-assets/ 1 KB
2 KB 186ms
178ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-the-recommendation_144x144-3e66bd6cc82013bd511c31a8f04d4ff7.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

161376c4f90d4e97682e18c3363465dd9dffd7c346a24961b1b563862f59bd09

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPogHxu8WLFN2zis2M9xnRn8qK8TTa1Nd3WbmXqyAndas1_6taze9zOjLCDUk2RwvTkaZLY
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760029-MIA
x-timer: S1707090154.037522,VS0,VE1
etag: "c902f5d2af0f2e13ef1e29ce7a3d4350"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-recommendation_144x144-3e66bd6cc82013bd511c31a8f04d4ff7.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219423484
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9400
expires: Thu, 30 Jan 2025 15:11:32 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1058
last-modified: Wed, 31 Jan 2024 15:02:47 GMT
server: cloudflare
x-goog-hash: crc32c=sYXh8w==, md5=yQL10q8PLhPvHinOej1DUA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Fl43wlcg3GuNZf8yEuy8CFdQk5w7l8xhPQYVEhC0aI5paxCHSBEmTCxHG2LAyeUbjJUwPRjdSr%2FJtGKwmlwtjKcW0GQ8o%2FGmXAArK7BnggdXbw331OjDRyguHb1ywfpzfP4KEUjy6H%2FN7s%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1058
accept-ranges: bytes
cf-ray: 8506c55688150331-MIA

GET
H3 200 icon-clean-everything_144x144-97312e349d7284039a2153cb541b7fda.webp
g.112388.xyz/vi-assets/static-assets/ 2 KB
4 KB 186ms
178ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-clean-everything_144x144-97312e349d7284039a2153cb541b7fda.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

299d2fa755a26bd5007a26fdf65958b73598c74456b1d81cd72244e54b8a6dcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPo1fvnhPVnY1p3OXZ2dUVTFCcUEcZv8p0um4VFCnty8xyc5lZE5oNX-JbMCvLyQv2GseNqoatJzXQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760051-MIA
x-timer: S1707090154.034725,VS0,VE1
etag: "d75bf842483274a9d6c4274aa6367e1c"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-clean-everything_144x144-97312e349d7284039a2153cb541b7fda.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219381472
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9128
expires: Thu, 30 Jan 2025 15:04:50 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2380
last-modified: Wed, 31 Jan 2024 15:02:47 GMT
server: cloudflare
x-goog-hash: crc32c=fboKBw==, md5=11v4QkgydKnWxCdKpjZ+HA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TJxo4XQjc3VhivdlURtAeOIJJZiUpQF7e%2BCEBcloKJGMTM0Klt3YbYmqUBvMctorDoYLtDosyh95dS3fn97C1aRcFbi%2Fy%2FDIXKspS2URdwxEb137SOpspkSVlgq2Krv7dKqFhTSF3f0%2Fr4%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 2380
accept-ranges: bytes
cf-ray: 8506c55688170331-MIA

GET
H3 200 icon-athletic-pulse_144x144-393cbda91e2678278456723b62a9b21f.webp
g.112388.xyz/vi-assets/static-assets/ 3 KB
4 KB 230ms
222ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-athletic-pulse_144x144-393cbda91e2678278456723b62a9b21f.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06276214001978a8f3382e91ec5fadf2bd507f174f950e8cdeca4a0e91f170a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPrZFVpIyAHf7jCSSEn-mKk5m3QDFeiNL-3MTlDvk3DjoxVHrla39Kphr0KMriPZrOK4SWg
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760067-MIA
x-timer: S1707090154.040619,VS0,VE1
etag: "cba067c899fc1935a8adb9c03c5e9ae2"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-pulse_144x144-393cbda91e2678278456723b62a9b21f.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219349623
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 2292
expires: Thu, 30 Jan 2025 14:59:54 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2720
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=ou6wHg==, md5=y6BnyJn8GTWorbnAPF6a4g==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fxp1fL%2FGkedltyj9cj1Kd1YwiYXgOnyYdCMDjVnOIKzScNfceOOws9lpTbbp1w%2BmYPeVlVw7U4XpBvXJ1XI7udfSYN96wFkinemtwZKxo00vasCGU5eTB%2FM%2B4%2FCwe%2BC%2F%2BCmrwtEVc0goVtQ%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 2720
accept-ranges: bytes
cf-ray: 8506c55688180331-MIA

GET
H3 200 icon-athletic-windup_144x144-c03f2bf7ebd88f1c239ba4a6b2228679.webp
g.112388.xyz/vi-assets/static-assets/ 3 KB
5 KB 233ms
225ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-athletic-windup_144x144-c03f2bf7ebd88f1c239ba4a6b2228679.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04247f45e4298b818db5d6161620f2b9ee1d782aa4560a45f5765c41c672d6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPr57QkMLMhW7pe_lZ0rMKgkDRTwYwghtkQPVWHHawV5bkPfmHqs28-ynKly9OWmUAWbjA
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760083-MIA
x-timer: S1707090154.040544,VS0,VE1
etag: "eb2a6b7e7581fba3e997ac6f6d138d16"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-windup_144x144-c03f2bf7ebd88f1c239ba4a6b2228679.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219349590
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9492
expires: Thu, 30 Jan 2025 15:03:02 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 3280
last-modified: Wed, 31 Jan 2024 15:02:47 GMT
server: cloudflare
x-goog-hash: crc32c=TJQMEw==, md5=6yprfnWB+6Ppl6xvbRONFg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCYKXzc58VPf3MkvAflxlftgQyAp7kB4WbCZ9BOxEHtK6yhDp3PMCUC5vttThx9essJjjZRO7eCHdBF8tNCT1xK%2B%2FCdqDE4WQAYCYYaeJD6nC9VrSvSCQO2XzGqjkQyj1dvHKt8wqzl%2FtEs%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 3280
accept-ranges: bytes
cf-ray: 8506c556881a0331-MIA

GET
H3 200 icon-athletic-bounce_144x144-d34328790b2997ede21ed0cda6dc98db.webp
g.112388.xyz/vi-assets/static-assets/ 4 KB
5 KB 234ms
226ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-athletic-bounce_144x144-d34328790b2997ede21ed0cda6dc98db.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9598017c8fd717e1850704f5ecc3acce7888e24b9a152ed5557dad1003efa2ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPqRqD9KkLVO0bbf_nPUsCRt9fyB_x_TvKdgK193cOcLqeCU8X4HzvBd8KSPr2mmclBIvEc
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760026-MIA
x-timer: S1707090154.041230,VS0,VE1
etag: "db8438537a93662fea1f15cecbd8a5fe"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-bounce_144x144-d34328790b2997ede21ed0cda6dc98db.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706216219332880
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9215
expires: Thu, 30 Jan 2025 14:59:17 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 3770
last-modified: Wed, 31 Jan 2024 14:58:41 GMT
server: cloudflare
x-goog-hash: crc32c=UsuYAw==, md5=24Q4U3qTZi/qHxXOy9il/g==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yp3S3AFc8LprU0BXW5O1WKkeZcXD8dCEJcvE4Ntr%2BpMERxmgjzM%2BsEzdaQgc1CilGciU0xymDx35YNODt52BbgIfc4LXg4tNkfWR%2FXiP5jo0w2ZY7OVjAgODPDgPVgeofoDsJ1qlwpYV%2BII%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 3770
accept-ranges: bytes
cf-ray: 8506c556881b0331-MIA

GET
H3 200 icon-athletic-full-time_144x144-1d24f18a01b35a9ebac2e0374a200691.webp
g.112388.xyz/vi-assets/static-assets/ 3 KB
4 KB 234ms
227ms Image
image/webp 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://g.112388.xyz/vi-assets/static-assets/icon-athletic-full-time_144x144-1d24f18a01b35a9ebac2e0374a200691.webp

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94d8b663df54b8d00643cb8a84823af0a5bd93c3e491e227b7996246e1677373

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-guploader-uploadid: ABPtcPpo2WioA_CcYli6pVhUYG21vp7DpA22G6tMoaK9nJVLtKKkK77CTJ76FLjMgYt3yhMjVitvLr87KQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:40 UTC
x-served-by: cache-mia-kmia1760048-MIA
x-timer: S1707090154.033483,VS0,VE1
etag: "98388ee1b5a6af6d242c84f110a437eb"
vary: Fastly-SSL, Accept-Encoding
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-full-time_144x144-1d24f18a01b35a9ebac2e0374a200691.webp
content-type: image/webp
access-control-allow-origin: *
x-goog-generation: 1706367251490510
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 9217
expires: Thu, 30 Jan 2025 15:18:02 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 3008
last-modified: Wed, 31 Jan 2024 15:11:56 GMT
server: cloudflare
x-goog-hash: crc32c=iqFNpA==, md5=mDiO4bWmr20kLITxEKQ36w==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77zybuCEHeKE1l9EyXXvUYjwldXvdEIVkeVEkx9lpMYAWreHoHZGd0B1Xg6h%2BgHX1Dacu761VDT31TdVBV8HtPr%2FEfAA66QnqTYzSfTXhe85vWNqtWU9DoFbPnD7PitFArbv5hYco%2B6HHIA%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 3008
accept-ranges: bytes
cf-ray: 8506c556881d0331-MIA

GET
H2 200 Sequence-05-threeByTwoMediumAt2X.jpg
static01.nyt.com/images/2024/02/02/autossell/Sequence-05/ 97 KB
97 KB 151ms
151ms Image
image/jpeg 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/02/autossell/Sequence-05/Sequence-05-threeByTwoMediumAt2X.jpg

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

37b1a1db4e8015e8b99350588f0cc73f73b77339fd2c143dc4b3d3bf18c02fcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 11:01:19 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 45674
x-guploader-uploadid: ABPtcPqyHzamEH2O2cJoizy2bCE0C3rucoj5l7BNxCRPSQ8z6OpnptmdXpZPKdlgP4VnF5wUR5Q
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 98902
x-served-by: cache-iad-kcgs7200149-IAD, cache-mia-kmia1760045-MIA
last-modified: Fri, 02 Feb 2024 19:52:40 GMT
server: UploadServer
x-timer: S1707090154.099356,VS0,VE0
etag: "5c628f9a189aac1e7c34dc31c76026f6"
x-goog-generation: 1706903560702194
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=KHaQ5w==, md5=XGKPmhiarB58NNwxx2Am9g==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 98902
x-amz-checksum-crc32c: KHaQ5w==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11, 619

GET
H3 200 vendor-e8b61fe9fc86398d03f4.js Show response
g.112388.xyz/vi-assets/static-assets/ 258 KB
74 KB 234ms
227ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/vendor-e8b61fe9fc86398d03f4.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dca6cb4eddb8011fd900ed609b91b1a4f372aa00201c2e97bfd4474564371478

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPo2oB0pfBfYUG06qfer6vUBwEzf_k9NgnFLG5dP2Sr7MdNzaLFsaPOsQwP5NVJeyLej5A
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:39 UTC
x-served-by: cache-mia-kmia1760091-MIA
x-timer: S1707090154.045242,VS0,VE1
etag: W/"bf562f579e3343e355a3995d9d36597b"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-e8b61fe9fc86398d03f4.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706624674185622
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 15514
expires: Thu, 30 Jan 2025 14:32:11 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 31 Jan 2024 14:31:36 GMT
server: cloudflare
x-goog-hash: crc32c=Nlyosw==, md5=v1YvV54zQ+NVo5ldnTZZew==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RULO4iwAKEJFWPc4jUGxqhwf3AsRwRwQa9H9c3gD%2FVViKKOHcLKbv%2F0f%2BtTdBx4WISl%2F9AnAiti4uaUvwomExk2QIAtyovSf3f4BpB537eHuJ5PMEfPLxk9IiqME6xspujnPle6B7X%2FLVeM%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 264259
cf-ray: 8506c556881e0331-MIA

GET
H3 200 home-c8f6a9761955798473fa.js Show response
g.112388.xyz/vi-assets/static-assets/ 1 MB
269 KB 263ms
256ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/home-c8f6a9761955798473fa.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c00310f91c044c8b739a5ff3a749597f991a3643251039e21acdfc12ece1b331

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPoDQWfPuMoOulxA-O_WQuZ0An141INsbA7CPiiNvxqf0fF-PeivyJCF6BlHo0iYbhDs5dFzJhFQ4A
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-02-01 21:43:46 UTC
x-served-by: cache-mia-kmia1760097-MIA
x-timer: S1707090154.039939,VS0,VE1
etag: W/"d15da4a028ae8f9f2ecc4267553ad922"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/home-c8f6a9761955798473fa.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706823416007144
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 3381
expires: Fri, 31 Jan 2025 21:43:45 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 01 Feb 2024 21:36:56 GMT
server: cloudflare
x-goog-hash: crc32c=QH7v7g==, md5=0V2koCiuj58uzEJnVTrZIg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NcWGfxnXVavqmefFFIqt%2BBCzLJc54fj9JZx3ZMED7IEIaZAtnYThzloaDeTzEI%2BdHEh9CuvHpUy0iONigEbz23B1LrxeSJf8xd4ZarNcrHrbtc3d614FIMOOlz1dbblNR49%2FB2aCZQli4u0%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1193655
cf-ray: 8506c55688210331-MIA

GET
H3 200 desktopLogoNav-6f959d5094ea4b8c806e.js Show response
g.112388.xyz/vi-assets/static-assets/ 1 KB
2 KB 388ms
381ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/desktopLogoNav-6f959d5094ea4b8c806e.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de9e0de16743ce5453503ea556a0a9d39b834ff4b765aa1161621e840cdf4715

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPpBFu4AHj6_rlI7vfu9smOKYle4_xKHMy0e0_5fNzPRDKS7sKxZGWb995meatviRUT2Q-c
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-24 02:35:00 UTC
x-served-by: cache-mia-kmia1760065-MIA
x-timer: S1707090154.038510,VS0,VE1
etag: W/"dff6296bdf9c53e7f90337d6ea2c7957"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/desktopLogoNav-6f959d5094ea4b8c806e.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1705520546419678
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 7196
expires: Thu, 23 Jan 2025 02:35:00 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 17 Jan 2024 19:42:26 GMT
server: cloudflare
x-goog-hash: crc32c=mfyctQ==, md5=3/Ypa9+cU+f5AzfW6ix5Vw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2oFYHBx8dRBlo2cYmMXdLUSguv7bb3w32%2F65r67lWMDi1BFXmo8ISTDCA3b96sIWNExniGaco%2BgwsmRduZkoV9x7072k8WBBHWv1K7T6ghdprdql3zp5wKVEAQgbOK03YI%2BgTtvUPa2%2FQhA%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 1488
cf-ray: 8506c55688230331-MIA

GET
H3 200 nestedNav-9b4533d38f18e610ab6f.js Show response
g.112388.xyz/vi-assets/static-assets/ 101 KB
13 KB 388ms
382ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/nestedNav-9b4533d38f18e610ab6f.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d711a21ef5a82e9423c6c32b6a59497a123834f17605833a8a7e320dceb6da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPryTFyXEgui2KSG_SYqm5tq5FPJaaeEJQaWJQzU5R8YP6m-oLMLaTU_2EwYUr7VgjBMZTY
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-02-01 21:32:36 UTC
x-served-by: cache-mia-kmia1760029-MIA
x-timer: S1707090154.044878,VS0,VE1
etag: W/"d99ad2b7cfadd85ed22d9b7fa1fcb2ab"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/nestedNav-9b4533d38f18e610ab6f.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706822854281535
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 6849
expires: Fri, 31 Jan 2025 21:32:36 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 01 Feb 2024 21:27:34 GMT
server: cloudflare
x-goog-hash: crc32c=P0cCTQ==, md5=2ZrSt8+t2F7SLZt/ofyyqw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AuOwQw6jLLpSlbR0ZS0UeNzS3%2FnfX3Po3IX%2Fcr6kfddICGT3kih48UCbE5HCVO4ALvTwbLO51T6CphntfAsEpOaY65e9NOS%2FW2lKOyFZ3yi8JPZdwtkPqajVx%2FDfkNgzUfQTDn9bPTkxO9A%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 103084
cf-ray: 8506c55688240331-MIA

GET
H3 200 main-b8cd943a3c2de6d69028.js Show response
g.112388.xyz/vi-assets/static-assets/ 2 MB
553 KB 389ms
383ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/main-b8cd943a3c2de6d69028.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8288ebf2ea62ff43051047943139a9c18976421f47c57f5072f8f25c92be22e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPqmxYoVfePJiVmADon5FibBMgV3CeuMm6IvJ0wuJxNfC2lsV0lKZPuCm7_pq9acke0R5mGr1obTGA
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-02-01 19:56:56 UTC
x-served-by: cache-mia-kmia1760038-MIA
x-timer: S1707090154.037310,VS0,VE1
etag: W/"b4115c78494962e10f1c34f182efaa85"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-b8cd943a3c2de6d69028.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706817413180737
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 3
expires: Fri, 31 Jan 2025 19:56:56 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 01 Feb 2024 19:56:53 GMT
server: cloudflare
x-goog-hash: crc32c=a41EZw==, md5=tBFceElJYuEPHDTxgu+qhQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imO7Tm75ZJCBcp3AWf9mOyJJ2ex%2FnNP9%2B1RBpanmbnJ3k9lwyszfN0%2Ff69VqtOQV9I%2By8gwNlGxA2iL19DQFvnaSYcaf9%2BUTtaNceJVZFKtgdxtbsMIGrtWwFsSptACVwBO6fFh4eJ%2Fm%2FH4%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 2101445
cf-ray: 8506c55688250331-MIA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 446 KB
122 KB 377ms
86ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5089baeb4708c5f0eba95833417b8ab4c976bbc728aea5e93656c7be63e63c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 124343
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 277ms
98ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-news-tenure,x-nyt-programming-abtest,x-nyt-targeting-dimensions-map
Access-Control-Request-Method: POST
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-news-tenure,x-nyt-programming-abtest,x-nyt-targeting-dimensions-map
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 0
content-length: 0
date: Sun, 04 Feb 2024 23:42:34 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 22
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: MISS
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: 9514f1bbdbb4ab3a
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760037-MIA
x-timer: S1707090154.160034,VS0,VE51

POST
H2 200 track
a.et.nytimes.com/ 0
0 383ms
69ms Ping
text/plain 52.203.246.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.203.246.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-246-132.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST v2
samizdat-graphql.nytimes.com/graphql/ 0
0

GET als
als-svc.nytimes.com/ 0
0

GET
H2 200 grumi-ip.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 16 KB
6 KB 361ms
69ms Script
application/javascript 2600:9000:2511:600:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2511:600:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcdaa8b0e5b0f57f19d17de2c58d7206e3d275da122a0d4e3176a67257595b5e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:23:30 GMT
x-amz-version-id: nWzCMaBTdG.LJzQd7eqTJCaATWEfreW8
content-encoding: br
last-modified: Mon, 18 Dec 2023 12:16:19 GMT
server: AmazonS3
via: 1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
etag: W/"229a75f6b428e87e913ddfb377e45f31"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=14400, stale-while-revalidate=14400, immutable
age: 1145
x-amz-cf-id: KC9BKRqXrnoyLamLt6-R70S_-S-9_gWIljZI-LIfWtt8KuQrWiiMFQ==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 286 KB
71 KB 277ms
65ms Script
application/javascript 18.238.48.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.48.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-48-238.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7065a2ec4d3eef56b6e67c96b52f5132184c8f5111742aae0be310c774b16e5d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 22:51:39 GMT
content-encoding: gzip
via: 1.1 3dcb635971b5d310e8941cdb963aff70.cloudfront.net (CloudFront), 1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
last-modified: Thu, 01 Feb 2024 21:58:47 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C3, JFK52-P3
age: 3056
x-amz-server-side-encryption: AES256
etag: W/"5a62bfa168fecdfeef387bf7ceaf9693"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: IHTVQsiQCC3sdbOPc-33VWKaFces6YHdiNbmjnANWbaTCcYwctSIjg==

GET
H2 200 prebid8.25.0.js Show response
www.nytimes.com/ads/ 315 KB
317 KB 948ms
807ms Script
text/javascript 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/ads/prebid8.25.0.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c11d50a1918e615029f239580a1d4a1aa32328fdd6149225cc74e411c84db96e

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ABPtcPqe320Y7-9IMKDBd8d5h2oz5Mv2oSMMoTsBT_S6ZCNThxa4nN9potH3qMLWKCQXbKAFwAk
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-02-04 23:42:35 UTC
x-served-by: cache-mia-kmia1760045-MIA
x-timer: S1707090154.317965,VS0,VE778
etag: "78c86859abaee40f233a9a8c96540124"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1701363099682984
content-type: text/javascript
access-control-allow-origin: *
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ads/prebid8.25.0.js
access-control-expose-headers: X-Nyt-Mktg-Group
x-nyt-route: ads-static-assets
cache-control: private, max-age=0
x-nyt-app-webview: 0
x-nyt-edge-cache: MISS
x-amz-checksum-crc32c: b1VVOA==
x-cache-hits: 0
expires: Sun, 04 Feb 2024 23:42:34 GMT
date: Sun, 04 Feb 2024 23:42:35 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: MISS
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
content-length: 322837
last-modified: Thu, 30 Nov 2023 16:51:39 GMT
server: UploadServer
x-goog-hash: crc32c=b1VVOA==, md5=eMhoWauu5A8jOpqMllQBJA==
x-gdpr: 0
x-goog-stored-content-length: 322837
permissions-policy: browsing-topics=()
accept-ranges: bytes

GET
H2 200 franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 184ms
53ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1604412
x-guploader-uploadid: ADPycdvQ2tsmGwZia24nvWakIeZnee2wv1rzUt2BXERCh59TPYCEAO8j_YhUC7Tm9O6g4YhfpMMJc6RN-GAWsVjQQ9iUrw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20276
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1707090154.160092,VS0,VE0
etag: "91eaf6b5642463af4091160b4bbfdfcb"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776265363
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 13997

GET
H2 200 franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 224ms
94ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 5236092
x-guploader-uploadid: ADPycdu6oPoB1lrm4nrC4uTUUYNY-TofJyZlB9vtnbOiIBPE-fi_s2qGLKfRMBlk6qzPidfKWIlELGLSh8aAJjFiZPkf-A
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19816
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1707090154.161223,VS0,VE0
etag: "0f4aea3d462cdb64748629efcbbf36bc"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776231570
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 19816
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 14277

GET
H2 200 franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2
g1.nyt.com/fonts/family/franklin/ 24 KB
24 KB 224ms
94ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Thu, 03 Oct 2024 08:24:02 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 477819
x-guploader-uploadid: ADPycdva8AHR4BTfjQqdqbkHDdRGYIW8JutzIwxFNawN5LAKJSrECXu6os5oVpCFjekkXIWfgvW677baXump3BlQLLKe
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 24184
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1707090154.161309,VS0,VE0
etag: "fdc7cad17deeec2db1fe2f9f8c0520ed"
x-goog-generation: 1673991776325560
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=b25SxA==, md5=/cfK0X3u7C2x/i+fjAUg7Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 24184
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 459

GET
H2 200 cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 223ms
93ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:53 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2294432
x-guploader-uploadid: ADPycdtYKTELTTIh77YD3fVMYiGUBupyK_NkrG4lYnCw0wQqa4_H6rVJ7m3RLALvZPh-Yva1xXdGVfFVTfCTU4XxIQwFR_B0gEOD
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28276
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1707090154.161135,VS0,VE0
etag: "530cfb72378419eedb60da7e266ad5f1"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991775200429
x-goog-hash: crc32c=O9qQIA==, md5=Uwz7cjeEGe7bYNp+JmrV8Q==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 7546

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 224ms
95ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1010852
x-guploader-uploadid: ADPycdsRwda_EOB5LpJhdwDZj2vpvKyH11TDWKhKDAem_9p0RfOsFUxnQkm3TV4Hwsv6-apktrq3fDaEj6u5WFfP3HOeppLc9Dco
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1707090154.174923,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776736810
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26504
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 13355

GET
DATA 200
OK truncated
/ 130 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b84ebfbd15694400df12827c578baf3e0d64b86b13222a7d27a536e236dcb6c

Request headers

Referer
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 cheltenham-small-normal-700.1a0b316424cdebd18086b8dbbc768eef.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 23 KB
23 KB 143ms
93ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-700.1a0b316424cdebd18086b8dbbc768eef.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9a43ab8056183a8efcf0e882990c2601381a735e02bba004439e010055c55d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sat, 18 Jan 2025 22:43:10 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1385964
x-guploader-uploadid: ABPtcPokCHpH8rMRewa4yngL2esFkz-kcUbnOAQMNlzxXtwNQDya4svW8oYV7QRrCqBuiGkmqJc
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 23704
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Wed, 15 Nov 2023 15:34:45 GMT
server: UploadServer
x-timer: S1707090154.160931,VS0,VE0
etag: "1a0b316424cdebd18086b8dbbc768eef"
x-goog-generation: 1700062485137146
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=FTq84Q==, md5=GgsxZCTN69GAhrjbvHaO7w==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 23704
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 392

GET
H2 200 cheltenham-text-cond-normal-700.7e78f9e7e6c2e02d82592c4466929fa3.woff2
g1.nyt.com/fonts/family/cheltenham-text-cond/ 28 KB
29 KB 83ms
32ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-text-cond/cheltenham-text-cond-normal-700.7e78f9e7e6c2e02d82592c4466929fa3.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1ecb1f9522433be3adfad377816095c7d5b27d02c1efbbbb793e341b829d83d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Thu, 12 Sep 2024 06:18:25 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2216876
x-guploader-uploadid: ADPycdtoCio9JMn3hDbytfVU5zpWgyM7ettw_xzX2NdPQO3lppWa8yoGXTIuncvlQeGG01jX50cgpkwIbZevNBdybQ1Elw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28868
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1707090154.159638,VS0,VE0
etag: "7e78f9e7e6c2e02d82592c4466929fa3"
x-goog-generation: 1673991775506403
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=UQFt6w==, md5=fnj55+bC4C2CWSxEZpKfow==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 404

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 145ms
95ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:47:22 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 5327959
x-guploader-uploadid: ADPycdu4c4MWmdPulaQvfgpBwjELQD34rn_rz1254cwvDOflCe-Zn4gJCHKKFSxJuYKzmLuaP870av6pKIwKMISVzUsx
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1707090154.161678,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991775007595
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 27260
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 11009

GET
H2 200 franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 81ms
33ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:16 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 998606
x-guploader-uploadid: ADPycdvhYDoz4CAgqaPW7V_EFM1kOolEePcwJ1MZR-PtG7CvKOZ32JG2ChchRGkWmBq0U2uiZF-WL627Pe8oBB8DrluK59v92au9
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20196
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1707090154.159511,VS0,VE0
etag: "75739ac267f076931c6da9740386ee6b"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776257702
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=Jc81Jw==, md5=dXOawmfwdpMcbal0A4buaw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20196
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 11482

GET
H2 200 cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
g1.nyt.com/fonts/family/cheltenham/ 26 KB
26 KB 78ms
20ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:47:22 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 5321031
x-guploader-uploadid: ADPycdv8Ik7vrwmNdrfGdni3kuP3esm32D1DaJUv25B1nNrhXW_Ftx0T_Te11gGs6sAjJvMjvx2HBxVSXvR-iZa3jOuPKw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26448
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1707090154.295878,VS0,VE0
etag: "40ccfe2cc61a71e6617e56162d49b896"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991775015704
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=kUZRqw==, md5=QMz+LMYaceZhflYWLUm4lg==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26448
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 8519

GET
H2 200 karnak-normal-700.4a0c7e79ac2f009f12f9106482c961c4.woff2
g1.nyt.com/fonts/family/karnak/ 23 KB
23 KB 76ms
18ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/karnak/karnak-normal-700.4a0c7e79ac2f009f12f9106482c961c4.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ad01b93ecf6b0b442902d27ae93b6af83a92784a05455b81490512a3d5d8b08b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Thu, 12 Sep 2024 05:38:19 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2296045
x-guploader-uploadid: ADPycdu1kOzCyMGTF8GGlw7yD_5jrYhreg02len-GgCK2dyByd4YxDkXNtMFBOijsy4-Fiybwb4w8Yhy_zfFphK1JAaNOg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 23400
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:57 GMT
server: UploadServer
x-timer: S1707090154.295461,VS0,VE0
etag: "4a0c7e79ac2f009f12f9106482c961c4"
x-goog-generation: 1673991777120718
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=a9fAaA==, md5=Sgx+eawvAJ8S+RBkgslhxA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 23400
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 4644

GET
H2 200 cheltenham-small-italic-400.cdfa0ec29cca8c2d2f54c79d898e15c1.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 23 KB
24 KB 79ms
22ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-italic-400.cdfa0ec29cca8c2d2f54c79d898e15c1.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7dcbc19c68e87e4b23f85027e02ac7f3c89fa259973ec92bbe27e49ad002bf47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Thu, 19 Sep 2024 06:06:50 GMT
date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1703419
x-guploader-uploadid: ADPycdvjnwFyC6eFnuYkkFRW2_rpd7GuACwTEOioJersnwSLwJo_yZ4wCC6UtvarizDgS7m0jOQPItKuq7cE9p4_C6hzXNnuG_YO
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 24028
x-served-by: cache-mia-kmia1760085-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1707090154.295225,VS0,VE0
etag: "cdfa0ec29cca8c2d2f54c79d898e15c1"
x-goog-generation: 1673991775386814
x-goog-hash: crc32c=2JQyuQ==, md5=zfoOwpzKjC0vVMediY4VwQ==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 24028
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 239

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
29 KB 387ms
92ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/vi-assets/static-assets/adslot-aaa844348e9357d134ca.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddadd6c5b81b2f4224d75af6cd67b2ab9e951e690ede5d1e4e1222474aa55704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29492
x-xss-protection: 0
server: cafe
etag: 481 / 19757 / 31080792 / config-hash: 8558731290873694684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 04 Feb 2024 23:42:34 GMT

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame 2951 243 KB
80 KB 101ms
100ms Script
text/javascript 2600:9000:2511:600:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2511:600:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf9ae4044157011ddd7fcaebdd061f5457b6996bec08d166ca9bdcb706e10de4

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:23:30 GMT
x-amz-version-id: tkrD9z3KEk9UH_UJICAuP.4QwaVMXZYu
content-encoding: br
via: 1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
age: 1145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 04 Feb 2024 23:08:41 GMT
server: AmazonS3
etag: W/"de16bbd975f059b183b2885d6f9f1c96"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
timing-allow-origin: *
x-amz-cf-id: lMNwKsQkDp39MSCSOxSQLY8XIfCcRYWcYi2bnnpaETzmxY5xATOauQ==

GET
H2 200 3030 Show response
config.aps.amazon-adsystem.com/configs/ 532 B
801 B 265ms
61ms Script
application/javascript 108.138.106.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3030
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-106-70.jfk50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 577daca611b9ae7cc68fd26e230bd20d1f5659998cf988fccab9eb17bf7bd1fc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:35:29 GMT
via: 1.1 153c5cd2b3e635613d0a2fa0f107993a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: JFK50-P3
age: 425
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 532
x-amz-cf-id: qwRUW-VFfMNMFClxAaCxgOBGMhaxruqSGn7LANzSKjQ8-JGAWY_DmQ==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
309 B 75ms
25ms XHR
text/plain 18.238.48.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3030&u=https%3A%2F%2Fg.112388.xyz
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.48.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-48-238.jfk52.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 21:34:18 GMT
via: 1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: JFK52-P3
age: 7695
x-cache: Hit from cloudfront
access-control-allow-origin: https://g.112388.xyz
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: h9Vc3jMB1HMFSCTQLAWx2FSElKvKhFCCxePQO932XDG-jhjOnUtqKw==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 64 B
396 B 303ms
77ms XHR
text/javascript 13.225.68.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fg.112388.xyz%2F&pid=xmJ1AKT8ltLYh&cb=0&ws=1600x1200&v=24.129.1645&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-top_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%2C%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&sm=48a81e37-c606-4a90-b9f3-dfc9c77b32b4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.68.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-68-133.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:34 GMT
via: 1.1 92f8ba2eac28a12283a77bc938ff1728.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://g.112388.xyz
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: eDSxhnsR8QFsBXDB8ibo-BbdDuZOr8UMa-BjA4BwdfBGElgOYS7jTw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 231ms
108ms XHR
application/javascript 18.238.48.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.48.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-48-238.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:35 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 fb71bc40c2ca2e3f3af674bf6527ac8a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: WToIzqc1lUeGVp2isXFDHIhr21sj8CwHNmJJR5063rlCE8m4Qf-rZw==

GET
H3 200 vendors~allAccessLandingPage~audio~bestsellers~card~collections~cookingAppDownloadLandingPage~cookin~752c539c-ec4913d2ef09863fc2e1.js Show response
g.112388.xyz/vi-assets/static-assets/ 47 KB
11 KB 80ms
80ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/vendors~allAccessLandingPage~audio~bestsellers~card~collections~cookingAppDownloadLandingPage~cookin~752c539c-ec4913d2ef09863fc2e1.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6791cc75d90534df1e53ff0d9c75460de78ef9bd6dafaa5fe4d2c7e2073a515f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPr4g9DEn1m7xhTd_e56OL-4awOyitZYyLorFutR6XvimLZC7MXTvBK796CUPPj1Ee7N2xXizUhRyg
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:28 UTC
x-served-by: cache-mia-kmia1760069-MIA
x-timer: S1707090155.166435,VS0,VE1
etag: W/"a27f6867bca7b0b2c86ae30699542d4a"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~allAccessLandingPage~audio~bestsellers~card~collections~cookingAppDownloadLandingPage~cookin~752c539c-ec4913d2ef09863fc2e1.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706558987606144
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 15015
expires: Thu, 30 Jan 2025 15:10:18 GMT
date: Sun, 04 Feb 2024 23:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 31 Jan 2024 15:02:48 GMT
server: cloudflare
x-goog-hash: crc32c=O7hPJg==, md5=on9oZ7ynsLLIauMGmVQtSg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o0Njqspb2U9KbdEjxPm%2FtLG%2Fsh%2FNiVq3iUC5T0pKphN%2FwOmUT42%2BWe%2BQKHbHZ6ozLNecSgQw7utEb%2Fww46zEfFFBJNjViEpUNhWsgG3Xe11YsYfRKTectMEgO7bRqMWO0ByzJ5kd%2FUZTjbk%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 48451
cf-ray: 8506c55d893f0331-MIA

GET
H3 200 vendors~audio~bestsellers~collections~explainer~home~liveAsset~markets~paidpost~reviews~search~slide~b202aa65-664ec656801333261d14.js Show response
g.112388.xyz/vi-assets/static-assets/ 47 KB
16 KB 112ms
111ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/vendors~audio~bestsellers~collections~explainer~home~liveAsset~markets~paidpost~reviews~search~slide~b202aa65-664ec656801333261d14.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

057bedef2d5ba646488aad189d199167ab6fdfba5ba5071706f06a0cbd77dfa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPr0_T7iZTeKm6A2y7g6JQCKSjwOXgoZnTdPL0J-1a51uo35O3w88BMkugf-YfAnyRwuVZIOqm2r-g
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-01-31 15:26:26 UTC
x-served-by: cache-mia-kmia1760073-MIA
x-timer: S1707090155.155792,VS0,VE2
etag: W/"287abd8eb62101849c1bdebd6c67819b"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~bestsellers~collections~explainer~home~liveAsset~markets~paidpost~reviews~search~slide~b202aa65-664ec656801333261d14.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706645657010195
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 15430
expires: Thu, 30 Jan 2025 15:15:59 GMT
date: Sun, 04 Feb 2024 23:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 31 Jan 2024 15:11:58 GMT
server: cloudflare
x-goog-hash: crc32c=Vjl3vA==, md5=KHq9jrYhAYScG969bGeBmw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cmHKV5Kf9UaQ6pqU3lxDmBYRpqcX9aVCQhbWd3jtbuxP5tPAJxLJgHMcSAI4ZxXDFV5zVxHx%2Bg2yGGGSaMpDccifOiXvcFBJqlu1EXdqB23RRQXX7pvZz4%2FqNouuE361PwleSVghgprPsg%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 47853
cf-ray: 8506c55d99450331-MIA

GET
H3 200 vendors~burst~byline~capsule~carddeck~home~trending-891b80fb40a2828db082.js Show response
g.112388.xyz/vi-assets/static-assets/ 21 KB
6 KB 61ms
60ms Script
application/javascript 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/vi-assets/static-assets/vendors~burst~byline~capsule~carddeck~home~trending-891b80fb40a2828db082.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e1f9f8bbd19cd1790e2bb9a069adb1bcca3d9f41cf78631de28569efa8bd43d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-guploader-uploadid: ABPtcPrc9_UqwM11gFt6JvigG4GMdSw5B1CJsa4vnF-YixoIeZVaTXBK0R18JQdPR6bet6gafjfNVMjXGQ
x-nyt-mktg-group: group1
x-goog-stored-content-encoding: identity
x-origin-time: 2024-02-01 16:38:21 UTC
x-served-by: cache-mia-kmia1760070-MIA
x-timer: S1707090155.152073,VS0,VE1
etag: W/"0924517b8b29353b5998427b8eae1bab"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~burst~byline~capsule~carddeck~home~trending-891b80fb40a2828db082.js
content-type: application/javascript
access-control-allow-origin: *
x-goog-generation: 1706805462273212
access-control-expose-headers: X-Nyt-Mktg-Group
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT
x-cache-hits: 7451
expires: Fri, 31 Jan 2025 16:38:21 GMT
date: Sun, 04 Feb 2024 23:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 01 Feb 2024 16:37:42 GMT
server: cloudflare
x-goog-hash: crc32c=sJcOLg==, md5=CSRRe4spNTtZmEJ7jq4bqw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5o0rW4GCyRhBEee0B1C%2BHCCTn3hwgUxSSq4P69WKmCpuiBbq2l1FU6Tpl3yZaE7f1PcNZZrOkXtabWFp8kRztddjfFmnS7F67HvEOwEb66zE3XzZtiYAqS%2FiiUHaju5%2BggDlRkLgh1p7NQ%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-goog-stored-content-length: 21751
cf-ray: 8506c55d99490331-MIA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 182 KB
63 KB 82ms
81ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N5P6T9S&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e0139b4af8c8fdc04b4c6f7e7bb060380a3fa688f6bd702d0ac28b75984cca11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63871
x-xss-protection: 0
last-modified: Sun, 04 Feb 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 04 Feb 2024 23:42:35 GMT

GET
H2 200 tags.js Show response
dd.nytimes.com/ 148 KB
28 KB 332ms
69ms Script
text/javascript 18.238.55.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-123.jfk52.r.cloudfront.net

Software

Apache /

Resource Hash

81cfe39d237661ec6ba52a194fb2593437452ffe4754a274437482f141720e3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 c079338af747d912717239089fea0484.cloudfront.net (CloudFront)
date: Sun, 04 Feb 2024 23:26:56 GMT
x-amz-cf-pop: JFK52-P4
age: 939
x-cache: Hit from cloudfront
content-length: 27767
last-modified: Wed, 24 Jan 2024 13:17:49 GMT
server: Apache
etag: "25173-60fb0e3bca3dd-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: DpPi-QU5-DDkHosVDNFBB9z-ooNfU2H1fRHgGmn4shSRxUvY_zxLuw==
expires: Mon, 05 Feb 2024 00:26:56 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1707090155235&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2F...
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1707090155235&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2...

0
223 B

74ms
70ms

Image
text/plain

108.139.47.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1707090155235&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fg.112388.xyz%2F&c9=
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Server: 108.139.47.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-33.jfk50.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:35 GMT
via: 1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P1
x-amz-cf-id: mAOxp78e1XAB1dczpy3gfn477FAHDuWSsTartIuFDjNHrVaP7MFEdg==
x-cache: Miss from cloudfront

Redirect headers

date: Sun, 04 Feb 2024 23:42:35 GMT
via: 1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P1
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=3005403&ns__t=1707090155235&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fg.112388.xyz%2F&c9=
content-length: 0
x-amz-cf-id: TOzBZxovLLipDoh0iE9ZpI4AZZbDLJWwxuy3KpgCH2-CzoPxZsvhpA==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290201/ 435 KB
136 KB 87ms
86ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290201/pubads_impl.js?cb=31080792

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b7da2057c3a37a4c49b313a989f78fbc91ba50ba03725afcde21477b56d3378

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 22:37:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3915
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139509
x-xss-protection: 0
server: cafe
etag: 15006055029041311047
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 03 Feb 2025 22:37:20 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 63 B
78 B 228ms
84ms XHR
application/json 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=g.112388.xyz

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa403396216964ac52859247b325178d57d409042abdf5aac8a69fac378fc267

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54
x-xss-protection: 0
expires: Sun, 04 Feb 2024 23:42:35 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 79ms
77ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
Access-Control-Request-Method: POST
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 0
content-length: 0
date: Sun, 04 Feb 2024 23:42:36 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: MISS
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: a19ed952ce2cfacc
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760037-MIA
x-timer: S1707090156.304108,VS0,VE45

GET
H3 200 market Show response
g.112388.xyz/api/ 519 B
1 KB 50ms
49ms Fetch
application/json 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/api/market

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7bcb7821de552f113d3860ff70976313a3d5af5ba03793f5c00b502b2c4c0939

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
age: 15
x-nyt-mktg-group: group1
x-origin-time: 2024-02-04 23:42:23 UTC
x-served-by: cache-lga21927-LGA, cache-mia-kmia1760096-MIA
x-timer: S1707090156.278210,VS0,VE2
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/api/market
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Nyt-Mktg-Group, X-Nyt-Mktg-Group
cache-control: s-maxage=60,(null)
x-nyt-route: market
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT-HIT
x-cache-hits: 51, 1
date: Sun, 04 Feb 2024 23:42:36 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-decorator-operation: vi.nyt.net:443/*
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-F-X
x-cache: HIT, HIT
x-envoy-upstream-service-time: 38
alt-svc: h3=":443"; ma=86400
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLGqDyoyvrDAMuL2qmfuKpKvP%2FGs3pOLkR%2FFpx75iPP1krRDfuirujJ1xHLBusrp2V5DGeK4H5uFjbH62PbdEk13uOfCPGFLBN9Jvxu%2FSOzd7vbM0Qfhhyl1XthLEGuQVhaNimHskkPhjy0%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
cf-ray: 8506c564aa900331-MIA

GET
H2 200 vhs.min.js Show response
static01.nyt.com/video-static/vhs3/ 496 KB
114 KB 34ms
33ms Script
application/javascript 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static01.nyt.com/video-static/vhs3/vhs.min.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/vi-assets/static-assets/vendors~burst~byline~capsule~carddeck~home~trending-891b80fb40a2828db082.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0d83283563d7c546842e4e2bef1ecdee3db0ade306ef9fc7bf717b87e2107ac3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 06 Feb 2024 23:12:44 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 433793
x-guploader-uploadid: ABPtcPoottTx1DKdoH4LfoXPjk0Q15_3px8qBOcw-F8kxkskQpxVL_kiRdAOvlzT0zzTL-LdMymOiVSNig
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-meta-surrogate-key: video/vhs3
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 115571
x-served-by: cache-iad-kiad7000153-IAD, cache-mia-kmia1760045-MIA
last-modified: Tue, 30 Jan 2024 23:12:38 GMT
server: UploadServer
x-timer: S1707090156.295038,VS0,VE0
etag: "bfb22a63e419c768ff2ed0ce6c9ae33e"
vary: Accept-Encoding
x-goog-generation: 1706656358833564
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=MzQWkA==, md5=v7IqY+QZx2j/LtDObJrjPg==
cache-control: public,max-age=60,s-maxage=604800
x-goog-stored-content-length: 507640
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 10, 30158

POST v2
samizdat-graphql.nytimes.com/graphql/ 0
0

HEAD
H3 200 / Show response
g.112388.xyz/ 0
1 KB 61ms
60ms XHR
text/html 2606:4700:3031::ac43:870a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://g.112388.xyz/

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:870a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-encoding: br
x-b3-traceid: 9346738a17f74a7cba174afec5849e3f
age: 3
x-pagetype: vi-homepage
x-nyt-mktg-group: group1
x-nyt-home-headers-map: allocation-id=bApM97qAjEjfD3JqAk6NxC
x-origin-time: 2024-02-04 23:42:33 UTC
x-served-by: cache-lga21938-LGA, cache-mia-kmia1760053-MIA
x-timer: S1707090156.342802,VS0,VE5
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Nyt-Mktg-Group, X-Nyt-Mktg-Group
cache-control: s-maxage=30,no-cache
x-nyt-route: homepage
x-nyt-app-webview: 0
x-frame-options: DENY
x-nyt-edge-cache: HIT-HIT
x-cache-hits: 7, 1
date: Sun, 04 Feb 2024 23:42:36 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-decorator-operation: vi.nyt.net:443/*
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-F-VI
x-cache: HIT, HIT
x-envoy-upstream-service-time: 405
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Feb 2024 23:42:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q28LoZrtYt4zxC8TYoeNw1BrhWZzL9R8TbI1tcwp66UCVQj%2BfyOs5UvfVrruwuRj3EWFc4miYF49MYAD3eHPTE4Ghh%2BDkMnHEOnhKMhMhTctbCsLHb0WR0a21nDInfHojm162LmZqh4PORQ%3D"}],"group":"cf-nel","max_age":604800}
x-gdpr: 0
access-control-allow-credentials: true
permissions-policy: browsing-topics=()
x-nyt-data-last-modified: Sun, 04 Feb 2024 23:42:33 GMT
cf-ray: 8506c5650af30331-MIA

GET purr-cache
purr.nytimes.com/v1/ 0
0

GET data-layer
a.nytimes.com/svc/nyt/ 0
0

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 19 B
706 B 253ms
98ms Fetch
application/json 68.67.161.182
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.161.182 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
an-x-request-uuid: c2ba624b-5a7a-4ae2-9752-781a134b1933
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://g.112388.xyz
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.68; 38.132.118.68; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 19
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
114 B 288ms
98ms Fetch 104.36.115.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://g.112388.xyz
date: Sun, 04 Feb 2024 23:42:36 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
662 B 223ms
58ms Fetch
application/json 54.166.83.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.25.0&referrer=https%3A%2F%2Fg.112388.xyz%2F&tmax=10000

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.166.83.173 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-166-83-173.compute-1.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
accept-ch: sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch
x-auction-status: 3, 3, 3, 3, 3
content-type: application/json; charset=utf-8
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
receive-cookie-deprecation: 1; Secure; HttpOnly; Path=/; SameSite=None; Partitioned
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 334 B
641 B 160ms
56ms Fetch
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU4WQK98
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: 084af16796acc3ed9cc882b551d369f7d8de1b8c6481ff6137b1ac37dcd8cab1

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
content-encoding: gzip
via: 1.1 google
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server: envoy
content-type: application/json;charset=utf-8
access-control-allow-origin: https://g.112388.xyz
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 04 Feb 2024 23:42:36 GMT

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 37 B
664 B 185ms
88ms Fetch
application/json 104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=995821
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e943ae8b36c3231e6f807ce3c017ff4e402a01525cd4056b13f2b3b55df4c344

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Zxs0BAVBfzRbBDvC1i7xLKvbhUDQ1pr9M5K%2FJkEUb9D8VTa8dtCWl76aEEGqspLqwxNhQ7i6B8B4cG4hjT6IlyWG3XR4qZmXeCoBvXMDBxUguKDYLMqBv2qd0hmdKY4jI4pMupH"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8506c566e83a4c00-MIA
alt-svc: h3=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 53 B
338 B 165ms
73ms Fetch
text/plain 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 66c5b51b595d5e53e089c2693a614e74e3d98d6834675ecc438848b984dfa1d7

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 04 Feb 2024 23:42:36 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://g.112388.xyz
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 412 B
922 B 233ms
62ms Fetch
application/json 2602:803:c002:200::32
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088370&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fg.112388.xyz%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=g.112388.xyz&tg_i.page=https%3A%2F%2Fg.112388.xyz%2F&tg_i.invCode=nyt_home_top&tg_i.pbadslot=dfp-ad-top&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=384921452e198f2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.9889790638801224
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 379fd9a2c823eb341d0d4bbded9c5bbe34024c2992cf51588c3b8ace1db562c8

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 412
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 414 B
752 B 232ms
66ms Fetch
application/json 2602:803:c002:200::32
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fg.112388.xyz%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=g.112388.xyz&tg_i.page=https%3A%2F%2Fg.112388.xyz%2F&tg_i.invCode=nyt_home_mid1&tg_i.pbadslot=dfp-ad-mid1&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=3907092061eb3c9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.5497502701783561
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 39cf8f3e75a89a6c2fda31792f7a450bf241bd79613182bcbeecd67d8616fbcf

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 414
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 414 B
753 B 244ms
78ms Fetch
application/json 2602:803:c002:200::32
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fg.112388.xyz%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=g.112388.xyz&tg_i.page=https%3A%2F%2Fg.112388.xyz%2F&tg_i.invCode=nyt_home_mid2&tg_i.pbadslot=dfp-ad-mid2&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=40cbf6290bbcd6a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.1612183269252654
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: de8a40e056b4168309db73b3f4b111d273a3833adbaf6b536da8357478f89986

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 414
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 414 B
753 B 229ms
64ms Fetch
application/json 2602:803:c002:200::32
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fg.112388.xyz%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=g.112388.xyz&tg_i.page=https%3A%2F%2Fg.112388.xyz%2F&tg_i.invCode=nyt_home_mid3&tg_i.pbadslot=dfp-ad-mid3&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=41a0e8d6d82f73f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.8094939490608337
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 63185150d548537c5a50ae1a6c8e109a1e85bc4a89156a7445a3d83cdae1c18f

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 414
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 418 B
756 B 229ms
65ms Fetch
application/json 2602:803:c002:200::32
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088374&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fg.112388.xyz%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=g.112388.xyz&tg_i.page=https%3A%2F%2Fg.112388.xyz%2F&tg_i.invCode=nyt_home_bottom&tg_i.pbadslot=dfp-ad-bottom&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=42f220df327c2a8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.47637160101369824
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 481db71050f1234ac9c3e73de63d5755c2c9318f78b44712ec890b9903bb7410

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 418
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 4pol-michael-haley-new-hp-mtwq-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2024/02/04/multimedia/4pol-michael-haley-new-hp-mtwq/ 45 KB
46 KB 44ms
36ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/04/multimedia/4pol-michael-haley-new-hp-mtwq/4pol-michael-haley-new-hp-mtwq-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e73dc92ae23f5d38f1c7e0e0fd3dc6124dfaaadb507a8a2921a3191ffd146ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 11:01:20 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010210
age: 45676
x-guploader-uploadid: ABPtcPpoPLOhbCKnkU3XXImWmzuFBt4skQVPkPdpjLOh_-UlmhvE7bYT0mKstZKQ1OjA0t_tY2Q
x-cache: HIT, HIT
fastly-io-info: ifsz=92939 idim=600x400 ifmt=jpeg ofsz=46184 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 46184
x-served-by: cache-iad-kiad7000125-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.785992,VS0,VE0
etag: "7wcTzY0uL+wP2vSs9lvqQPyecXsOVutDMZttpoyloCE"
vary: Accept
x-goog-generation: 1707042868671064
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=lZSZpw==, md5=E4H4e7U5y8Ohr9DpFfiRBg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 92939
x-amz-checksum-crc32c: lZSZpw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 17, 50

GET
H2 200 20240204-california-storm-atmospheric-river-header--kvqg-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2024/02/20/multimedia/20240204-california-storm-atmospheric-river-header--kvqg/ 19 KB
20 KB 85ms
78ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/20/multimedia/20240204-california-storm-atmospheric-river-header--kvqg/20240204-california-storm-atmospheric-river-header--kvqg-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e1dc1e91911ee28b187d698d67ef13b37468a85465ceca5dcfb7d1c5aa88aa5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 20:45:52 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010231
age: 10605
x-guploader-uploadid: ABPtcPpA2CPyA7D6b2iN7Z_BpqUkmdYZSDBrV3dTPaHofMJv9PbirFMv5VtK8A3FF4cPGkZWanQ
x-cache: HIT, HIT
fastly-io-info: ifsz=49997 idim=600x400 ifmt=jpeg ofsz=19878 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 19878
x-served-by: cache-iad-kjyo7100163-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.787419,VS0,VE0
etag: "Klrm4XKBYPDJ+/BSC29z7pJRLeHsV90bZdrMDWi5etA"
vary: Accept
x-goog-generation: 1707078836993269
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=NEmGNA==, md5=uyIE30wHeW0eMV4a7YIWSw==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 49997
x-amz-checksum-crc32c: NEmGNA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 47

GET
H2 200 03CHINA-NUCLEAR-01-bqzm-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2024/02/03/multimedia/03CHINA-NUCLEAR-01-bqzm/ 34 KB
34 KB 73ms
68ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/03/multimedia/03CHINA-NUCLEAR-01-bqzm/03CHINA-NUCLEAR-01-bqzm-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1f1421db15b73381ffaf585d800f65425e0b0b6c870b49a2c0476cd08d64f940

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 05:04:32 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010248
age: 67084
x-guploader-uploadid: ABPtcPpdm-cDookQZF1Ws4fb-xE1myExuf36og8g1F9NTCbSr5Ova1L--2TSk1UPzaANHkyeyXMgK_zMNQ
x-cache: HIT, HIT
fastly-io-info: ifsz=63384 idim=600x400 ifmt=jpeg ofsz=34654 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 34654
x-served-by: cache-iad-kiad7000059-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.787206,VS0,VE0
etag: "mJVGgvCooBIzP1715Iy8x3/SVMfb7PcrEU2tKMn5pQg"
vary: Accept
x-goog-generation: 1707022872501156
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=8jQ1xQ==, md5=mHfhrwDzbk6GVGuqvjWZ+w==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 63384
x-amz-checksum-crc32c: 8jQ1xQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9, 132

GET
H2 200 00turkey-test-hm-zwtq-videoSixteenByNine1050.jpg
static01.nyt.com/images/2024/02/01/multimedia/00turkey-hm-zwtq/ 37 KB
38 KB 56ms
51ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/01/multimedia/00turkey-hm-zwtq/00turkey-test-hm-zwtq-videoSixteenByNine1050.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

6072e1ff94b58909088a8cfa89e9166d37a547aefdd3395baaa7539974a939cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 11:01:20 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010249
age: 45676
x-guploader-uploadid: ABPtcPq3rIl6mJho7TJ4RTccWd3BRJDKq90CAajX3Eil2krmNKntDjA2WmrlNAL_qb3eJHfZoYk
x-cache: HIT, HIT
fastly-io-info: ifsz=119768 idim=1050x591 ifmt=jpeg ofsz=38156 odim=1050x591 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 38156
x-served-by: cache-iad-kcgs7200142-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.786941,VS0,VE0
etag: "QVOqo+pU12LSzjqreV0/tVvxtphfR7hBOQAcUNdrBd4"
vary: Accept
x-goog-generation: 1706894835905222
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=BTswUg==, md5=NQc+Nru2EPEYyuAnQelXnw==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 119768
x-amz-checksum-crc32c: BTswUg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4, 535

GET
H2 200 04Talk-poster-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2024/02/04/reader-center/04Talk-poster/ 12 KB
13 KB 88ms
84ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/04/reader-center/04Talk-poster/04Talk-poster-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

674df8ae84c378c3767564e377293d2667c290f245529ac1d06bcf8a36da6ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 11:01:21 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010246
age: 45675
x-guploader-uploadid: ABPtcPqaHpR76FeqP1LBnhsQnoeLLaOALRCzGN3dlaxtqRn0yaPOk-RywSqG_WAVZ5DuG6h6StcJCk4auA
x-cache: HIT, HIT
fastly-io-info: ifsz=40846 idim=600x400 ifmt=jpeg ofsz=12562 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 12562
x-served-by: cache-iad-kjyo7100099-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.787938,VS0,VE0
etag: "+yhoeAprTvb65rcDw1u+9lYlHZ7gnhy48G2kpuz9TPo"
vary: Accept
x-goog-generation: 1706893379592208
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=gGAjeQ==, md5=b719rY8DA6PRudXXv64N7Q==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 40846
x-amz-checksum-crc32c: gGAjeQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 39

GET
H2 200 00ideas-hp-posterFPO-videoSixteenByNine1050-v13.jpg
static01.nyt.com/images/2024/01/31/multimedia/00ideas-hp-posterFPO/ 13 KB
14 KB 51ms
47ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/01/31/multimedia/00ideas-hp-posterFPO/00ideas-hp-posterFPO-videoSixteenByNine1050-v13.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

00e303a9768acc9cff3ac50951585b7ae832aef28ead570394fc2448c92613d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 11:01:24 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010247
age: 45672
x-guploader-uploadid: ABPtcPpFfwHf8hY0qzbDX3AzwAFatiJ_fcJheg_RzhFmVczvplTo3p-htQy3n9zfQSh_zJEkE_Y
x-cache: MISS, HIT
fastly-io-info: ifsz=53228 idim=1050x591 ifmt=jpeg ofsz=13334 odim=1050x591 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 13334
x-served-by: cache-iad-kjyo7100053-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.786901,VS0,VE0
etag: "AX3ipc+ScMPgSL37gq9pPRS51bTy9gG1h7LT9Brjwrk"
vary: Accept
x-goog-generation: 1706901632365508
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=JES9qA==, md5=UrCXgG3DrXo2NsQCwWoJiQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 53228
x-amz-checksum-crc32c: JES9qA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 434

GET
H2 200 linda-greenhouse-thumbLarge.png
static01.nyt.com/images/2018/04/02/opinion/linda-greenhouse/ 24 KB
25 KB 40ms
40ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/04/02/opinion/linda-greenhouse/linda-greenhouse-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4c7e66d672ad01d9a4b945bb09097d6776e2c05383c48f6c64aba44cc24fe96a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 06:57:12 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300720
age: 553916
x-guploader-uploadid: ADPycds2reim6dMEj2f2HcFnaMZpwWc0_oWHBaAHWsmu44vfrUyiIA-pdAjKTWalq383IRrRG8iKufqZi5ufcf_i9-vDBkX2mUXP
x-cache: HIT, HIT
fastly-io-info: ifsz=37145 idim=150x150 ifmt=png ofsz=24872 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 24872
x-served-by: cache-iad-kjyo7100055-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.834391,VS0,VE0
etag: "6NTQSfiCy/NzG8Auma603MGcJGgtK4cRp27daplZfTM"
vary: Accept
x-goog-generation: 1522685321653393
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=YbQBgA==, md5=ZAZNv8Bo5h9AIN0Zs6vXxQ==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 37145
x-amz-checksum-crc32c: YbQBgA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 17, 524

GET
H2 200 04French-glzp-square320.jpg
static01.nyt.com/images/2024/02/04/multimedia/04French-glzp/ 10 KB
10 KB 50ms
49ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/04/multimedia/04French-glzp/04French-glzp-square320.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

517828fddc95d297924c765a5978a3a95bde56ccbc5f7b26b98365a9bf33c81b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 14:01:57 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010228
age: 34839
x-guploader-uploadid: ABPtcPreSDaKRmj5k3FaeqaaRHnAfw47gbg-8Oh5z20NrS7LEu9XZ3aSTBnYQbuWqHKjPnLob4U
x-cache: HIT, HIT
fastly-io-info: ifsz=20158 idim=320x320 ifmt=jpeg ofsz=9782 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9782
x-served-by: cache-iad-kjyo7100132-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.838183,VS0,VE0
etag: "SKLZA7u6VKL1tBpFuP40fQUdZqn9+1eCU8ZLku513+8"
vary: Accept
x-goog-generation: 1707055208822501
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=GQrlpQ==, md5=mrOGprlL+5ID4TR0LvcqvA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 20158
x-amz-checksum-crc32c: GQrlpQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 12, 377

GET
H2 200 04cullen-square320.jpg
static01.nyt.com/images/2024/02/04/opinion/04cullen/ 9 KB
10 KB 35ms
35ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/04/opinion/04cullen/04cullen-square320.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

6987fdf47bf0b1d3b4d3b5654eeb6461ef62f2e68ffda7ad91a140e9397f0256

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 14:02:21 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010249
age: 34815
x-guploader-uploadid: ABPtcPqMbdEr66qJJGSLTPeeWTtrFey2QhluYU2BNR2wkPrn5navREykcrL6KbOczwZn6BienXYK9SblEA
x-cache: HIT, HIT
fastly-io-info: ifsz=24246 idim=320x320 ifmt=jpeg ofsz=9484 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9484
x-served-by: cache-iad-kjyo7100148-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.855593,VS0,VE0
etag: "i7LAQahdm0718FWvEHC0L2cab2T4ABRilR+fwfUJvMs"
vary: Accept
x-goog-generation: 1707055205342512
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=RFD3Lw==, md5=PpxoZqrdbhK5nFh+kDbEVA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 24246
x-amz-checksum-crc32c: RFD3Lw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 24, 368

GET
H2 200 maureen-dowd-thumbLarge.png
static01.nyt.com/images/2018/04/02/opinion/maureen-dowd/ 26 KB
26 KB 33ms
32ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/04/02/opinion/maureen-dowd/maureen-dowd-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9ad5c1071dfc2fc7cdfe1b3cdf2ef9fbd55f3504d8718d236a34472d8f67b604

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sat, 11 Nov 2023 09:36:36 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300713
age: 464040
x-guploader-uploadid: ABPtcPqC-BqUrGenbD8RsA1P_Z8GAxqsHWZUMDrP2PkLHElKK6RxM9-XmayIJ5e7mO3q8X5bT1A
x-cache: HIT, HIT
fastly-io-info: ifsz=40404 idim=150x150 ifmt=png ofsz=26284 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 26284
x-served-by: cache-iad-kiad7000025-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.864402,VS0,VE0
etag: "BK1lA7pRfoinyCFYOVHNQ0IWr2jKZWwrR75SHOUJbKM"
vary: Accept
x-goog-generation: 1525426621234309
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=xvK79g==, md5=LTjcDtAbe1C+AXlB78ydpA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 40404
x-amz-checksum-crc32c: xvK79g==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 27, 820

GET
H2 200 pamela-paul-new-thumbLarge-v2.png
static01.nyt.com/images/2022/07/12/opinion/pamela-paul-new/ 21 KB
22 KB 33ms
32ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/07/12/opinion/pamela-paul-new/pamela-paul-new-thumbLarge-v2.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

45c3418da37950410f8367bb9173310ac9bdb73638d297a0e802dc3910fb2738

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Mon, 25 Sep 2023 16:36:19 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 457268
x-guploader-uploadid: ADPycdtgKgonSCyfriavBeurkz2wFzsbMkBsEwKwkpdyi4Th65GQCiEWJcCF9dk2mHnVGeguxpq8l0iEBtvGY-Cp5VWgcA
x-cache: HIT, HIT
fastly-io-info: ifsz=36168 idim=150x150 ifmt=png ofsz=21746 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 21746
x-served-by: cache-iad-kiad7000103-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.871272,VS0,VE1
etag: "poHawkofzaXtY1+/PLv9kg1am7mrc4o/9sEBN0Je9mg"
vary: Accept
x-goog-generation: 1657726384886638
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=OBtLiw==, md5=t2XiMutGQzeTo7iyvCk7Pg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 36168
x-amz-checksum-crc32c: OBtLiw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 368, 456

GET
H2 200 ezra-klein-thumbLarge-v3.png
static01.nyt.com/images/2021/01/06/opinion/ezra-klein/ 21 KB
21 KB 35ms
35ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2021/01/06/opinion/ezra-klein/ezra-klein-thumbLarge-v3.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2d1e562b7d991619ddc38e9166e7856b5f2db4b3c60977d6e4e86eebba560d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 20 Sep 2023 12:08:45 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 43069
x-guploader-uploadid: ADPycdueoeAA8e6lY4PnIrIMQfExLhOSeVQApaP-3Ej0bDmOnHcts_WZYSmoZ28_ZjnxQkmMXyPYDJAWfNLiGuG4ZeWr92Mow-dV
x-cache: HIT, HIT
fastly-io-info: ifsz=33508 idim=150x150 ifmt=png ofsz=21200 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 21200
x-served-by: cache-iad-kiad7000139-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.875053,VS0,VE0
etag: "ib2GqZ6/Q+zVKUGBALGR4Hs2tCu5OYJfWvZcVZf5Atw"
vary: Accept
x-goog-generation: 1610051527086992
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=FV7KEA==, md5=53eZYV4/A6ZAMcGr3y6uCg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 33508
x-amz-checksum-crc32c: FV7KEA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 49, 639

GET
H2 200 jm-longevity-noodles-square320.jpg
static01.nyt.com/images/2020/01/25/dining/jm-longevity-noodles/ 29 KB
29 KB 35ms
34ms Image
image/webp 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2020/01/25/dining/jm-longevity-noodles/jm-longevity-noodles-square320.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fc8de78825109f4892247c30fd321636abb5025adfeef190e1ed79a216813bde

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 23:29:19 GMT
date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010211
age: 798
x-guploader-uploadid: ABPtcPqvgtX_uLqgbDJatru5vdVaATu40QuLlNxQ7XabxUCSBbcJGOZkTI6zoSLKkKO-3gA5Zimc3SguUg
x-cache: HIT, HIT
fastly-io-info: ifsz=59487 idim=320x320 ifmt=jpeg ofsz=29404 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 29404
x-served-by: cache-iad-kjyo7100071-IAD, cache-mia-kmia1760045-MIA
server: UploadServer
x-timer: S1707090157.887617,VS0,VE0
etag: "zW/5nZlnTV+tVMmE6LkFZ9A9U2ndaWlh2bXAwtc2HNo"
vary: Accept
x-goog-generation: 1583515801111466
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=sGcC0A==, md5=KjA/DbJHhPcD2oYfM6faXQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 59487
x-amz-checksum-crc32c: sGcC0A==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5, 8

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
352 B 88ms
86ms XHR
text/javascript 13.225.68.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fg.112388.xyz%2F&pid=xmJ1AKT8ltLYh&cb=1&ws=1600x1200&v=24.129.1645&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-mid1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-mid1_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%2C%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&cfgv=1&sm=48a81e37-c606-4a90-b9f3-dfc9c77b32b4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.68.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-68-133.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 92f8ba2eac28a12283a77bc938ff1728.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://g.112388.xyz
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: M9i3Sg9NusXk9ie9G6Op3KXHx2lPSh03ARxj16cIzbo-a-SmM0gqiw==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
354 B 79ms
79ms XHR
text/javascript 13.225.68.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fg.112388.xyz%2F&pid=xmJ1AKT8ltLYh&cb=2&ws=1600x1200&v=24.129.1645&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-mid2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-mid2_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%2C%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&cfgv=1&sm=48a81e37-c606-4a90-b9f3-dfc9c77b32b4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.68.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-68-133.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 92f8ba2eac28a12283a77bc938ff1728.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://g.112388.xyz
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: B4E3d-SdKhSKH9FCRorsLuJCcKHgvo7-NDqRkVTEdDRRlcwBmI2fHQ==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
352 B 84ms
83ms XHR
text/javascript 13.225.68.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fg.112388.xyz%2F&pid=xmJ1AKT8ltLYh&cb=3&ws=1600x1200&v=24.129.1645&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-mid3%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-mid3_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%2C%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&cfgv=1&sm=48a81e37-c606-4a90-b9f3-dfc9c77b32b4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.68.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-68-133.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: 1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 92f8ba2eac28a12283a77bc938ff1728.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://g.112388.xyz
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: szDomUWlnCHT689IYvionbRiiirt3CPssnCPlDFrEabkWv5d5GuW6g==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
353 B 75ms
75ms XHR
text/javascript 13.225.68.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fg.112388.xyz%2F&pid=xmJ1AKT8ltLYh&cb=4&ws=1600x1200&v=24.129.1645&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-bottom%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-bottom_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%2C%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&cfgv=1&sm=48a81e37-c606-4a90-b9f3-dfc9c77b32b4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.68.133 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-68-133.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: 6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:36 GMT
via: 1.1 92f8ba2eac28a12283a77bc938ff1728.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://g.112388.xyz
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: Hfg10A8my5kS2u7MqbYB_97bQZnUMZtY2cLRy7IyEpiVBA6vNvAV8g==

GET meter.js
meter-svc.nytimes.com/ 0
0

OPTIONS
H2 405 meter.js
meter-svc.nytimes.com/ Frame 0
0 288ms
80ms Preflight 44.195.146.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fg.112388.xyz%2F&referer=https%3A%2F%2Fg.112388.xyz%2F&pageviewID=o-AqkjuvZWgULz_8Q2mmKaPr&MessageSelectionAPI=real

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.195.146.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-195-146-220.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-nyt-internal-meter-override
Access-Control-Request-Method: GET
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-length: 0
date: Sun, 04 Feb 2024 23:42:37 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
via: 1.1 google
x-envoy-decorator-operation: meter-svc.nytimes.com:443/*
x-envoy-upstream-service-time: 22

GET
H2

200

activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=... Show response
5290727.fls.doubleclick.net/ Frame EC61
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gt...
https://5290727.fls.doubleclick.net/activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112...

546 B
615 B

86ms
84ms

Document
text/html

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.70 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

a7fc07410c0a1a92a36a72e3f93526ec79d13ff4b8405ee5d8788425eabce71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://g.112388.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 311
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:37 GMT
expires: Sun, 04 Feb 2024 23:42:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 71 KB
24 KB 276ms
77ms Script
application/x-javascript 2600:9000:24f1:3a00:18:1fcd:353:c61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f1:3a00:18:1fcd:353:c61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 53e637909208e211f753b68ab0cb2312abfb528b9920e8a3b6eddcb89eb861cd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 19:05:03 GMT
content-encoding: gzip
via: 1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 01:04:59 GMT
server: nginx
x-amz-cf-pop: JFK50-P4
age: 16654
etag: W/"65838f3b-11b0d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: PLXnbrv1cu5fXxqTfR5ULy9U_njzVsj1WKdbRdaIKwQVdeQ92YhOQw==
expires: Mon, 05 Feb 2024 19:05:03 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
397 B 86ms
72ms Script
text/javascript 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/show-ads.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 03 Feb 2023 05:46:10 GMT
date: Sun, 04 Feb 2024 23:42:37 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 49831
x-guploader-uploadid: ADPycdtjsmE2ICVIHSb7QJIooj9C3ooKmyI_oHmScreRwweaj0y_HtjPAb6r4E4go2UTjIfkbtHxq5hJwFFKyHtcAl78KE6PGa1F
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 65
x-served-by: cache-mia-kmia1760045-MIA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1707090157.099548,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: X-Goog-Allowed-Resources, Accept-Encoding
x-goog-generation: 1640215841852360
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 45
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 7499

GET
H2 200 comscore-streaming.js Show response
a1.nyt.com/analytics/ 103 KB
19 KB 81ms
68ms Script
text/javascript 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/comscore-streaming.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Thu, 30 Mar 2023 05:47:04 GMT
date: Sun, 04 Feb 2024 23:42:37 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 58344
x-guploader-uploadid: ADPycdu5aboERq8SBOffIq0Rm5gnlya54qEahmMwUJKY8zxEX-PusSwrkXsuhsRS3dYBg8jXzMx0ivKjxF60DPN0tvhLHA
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 18717
x-served-by: cache-mia-kmia1760045-MIA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1707090157.098659,VS0,VE0
etag: "04e0b9556a78ce5cedf86a34e5483036"
vary: Accept-Encoding
x-goog-generation: 1640215841902856
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=XkdIyw==, md5=BOC5VWp4zlzt+Go05UgwNg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 105675
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 7340

GET
H2 200 nyt.js Show response
cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/ 5 KB
3 KB 198ms
43ms Script
text/javascript 2606:4700:20::ac43:4842
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 062ca1252e35b1dded0e404cac8925e32b9b82879171af32233b075027c30126

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:37 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 04 Feb 2024 23:07:49 GMT
server: cloudflare
age: 2088
cf-polished: origSize=5357
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ja4JRiuVi5ZWcSQVGY5UNcA2NFFDlKTGYN1nTBa%2BFIheR8b70%2F%2FabCd5SsOdozwi0fe2WEy4JLGVlTn4mzR1cBNDnxjJzF5kVUUReTeCb%2FVJAE1Mx36j2Kcd4kDousF2aEFO7rXltyY6sOLV6qfG0jPs"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8506c56a8ff3743a-MIA
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2 206 115301_1_00gaza-vignettes-hp-promo_wg_720p.mp4
vp.nyt.com/video/2024/02/02/ 8 MB
0 47ms
37ms Media
video/mp4 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vp.nyt.com/video/2024/02/02/115301_1_00gaza-vignettes-hp-promo_wg_720p.mp4

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/vi-assets/static-assets/home-c8f6a9761955798473fa.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g.112388.xyz/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Range: bytes=0-

Response headers

expires: Sun, 04 Feb 2024 09:18:31 GMT
date: Sun, 04 Feb 2024 23:42:37 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 51845
x-guploader-uploadid: ABPtcPogBGvUUu3cPBPV4XT5PGD-a7Hlf7fh6PAEe28_w2T_CqIi24CIfu142mCjdlZM76nvgGlyper7vg
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
Content-Range: bytes 0-8033753/8033754
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Content-Length: 8033754
x-served-by: cache-chi-kigq8000071-CHI, cache-mia-kmia1760045-MIA
last-modified: Fri, 02 Feb 2024 19:49:21 GMT
server: UploadServer
x-timer: S1707090157.220177,VS0,VE1
etag: "f1a8c6d0ad8b815b640769f3ddd54504"
x-goog-generation: 1706903361888561
content-type: video/mp4
access-control-allow-origin: *
x-goog-hash: crc32c=PhEE7A==, md5=8ajG0K2LgVtkB2nz3dVFBA==
cache-control: max-age=60, s-maxage=86400, stale-if-error=86400
access-control-allow-methods: GET, HEAD, OPTIONS
x-goog-stored-content-length: 8033754
accept-ranges: bytes
x-cache-hits: 7, 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 597ms
596ms XHR
text/plain 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2384352275948271&correlator=907037925540985&eid=31079959%2C31080784%2C31080792%2C31067357%2C31079525&output=ldjh&gdfp_req=1&vrg=202401290201&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1707090157239&lmt=1707090027&adxs=0&adys=15&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fg.112388.xyz%2F&vis=1&psz=1600x0&msz=1600x0&fws=4&ohw=1600&ga_vid=186974768.1707090157&ga_sid=1707090157&ga_hid=1429412032&ga_fc=false&dlt=1707090153789&idt=3017&prev_scp=div%3Ddfp-ad-top%26pos%3Dtop%26amznbid%3D2%26amznp%3D2%26request_time%3D3430&cust_params=als_test_clientside%3Dreqfailed_reqfailed_reqfailed_20240204134234%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26typ%3Dhp%26prop%3Dnyt%26plat%3Dweb%26abra_dfp%3D%26sov%3D3%26page_view_id%3Do-AqkjuvZWgULz_8Q2mmKaPr%26vp%3Dlarge%26uap%3Dbrowser&adks=2496155832&frm=20

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b077c79d2669e5065c4e9b1ae880cd4fef6eb24d52cb1cb47964135e280ed86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10246
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://g.112388.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5501 6 KB
3 KB 240ms
79ms Document
text/html 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290201/pubads_impl.js?cb=31080792

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://g.112388.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:37 GMT
expires: Mon, 03 Feb 2025 23:42:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 142ms
142ms Ping
text/plain 52.203.246.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.203.246.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-246-132.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=*;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l...
adservice.google.com/ddm/fls/z/ Frame EC61 42 B
401 B 237ms
96ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=*;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CIaRsrPukoQDFZYjTwgdnI4B-A;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=3797920242416;npa=0;auiddc=1084755029.1707090157;u17=https%3A%2F%2Fg.112388.xyz%2F;u5=;u18=;pscdl=noapi;gtm=45He41v0v72703797za200;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fg.112388.xyz%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 79ms
79ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest,x-nyt-targeting-dimensions-map
Access-Control-Request-Method: POST
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest,x-nyt-targeting-dimensions-map
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 0
content-length: 0
date: Sun, 04 Feb 2024 23:42:37 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: MISS
x-cache-hits: 1
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 18
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: MISS
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: 96a9466031d6cc21
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760037-MIA
x-timer: S1707090158.647927,VS0,VE45

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 54ms
54ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest,x-nyt-targeting-dimensions-map
Access-Control-Request-Method: POST
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest,x-nyt-targeting-dimensions-map
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 0
content-length: 0
date: Sun, 04 Feb 2024 23:42:37 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 18
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: 879bba1ef5200fea
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760037-MIA
x-timer: S1707090158.671982,VS0,VE21

POST v2
samizdat-graphql.nytimes.com/graphql/ 0
0

GET
BLOB 200
OK ad0025d4-d694-49de-a4f4-bcba63ef1ca5
https://g.112388.xyz/ 597 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://g.112388.xyz/ad0025d4-d694-49de-a4f4-bcba63ef1ca5
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6292d47914f9b1671e0c7b3076ea35aa0127785ed01ae8df56f534171114b08a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 597
Content-Type: application/javascript

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 48 KB
15 KB 429ms
427ms Script
text/javascript 2606:4700:20::ac43:4842
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=g.112388.xyz
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a88615dd5a9d09d0c89d75dc659dae7de6e301c44be64b3456d09cd9876b4631

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:38 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 04 Feb 2024 23:42:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8g5OF35mS6%2B966aK8usHmQYUZv8loYrPWFaGmxEuQ0osEVFidcA2kCuyZ2XJuaWmllUyypNG2aJi4we7gcLPioiZQSW4Wl%2FG4LkGBE%2FbRJLMTrhlI5vNDN3mrSufahL83kUG73U2OAB8ufRrBwC%2BRU%2FX"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8506c56ef818743a-MIA
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 187ms
58ms Image
image/gif 54.243.156.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F&u=BB0jYnBOiWNHC4cEDV&d=g.112388.xyz&g=16698&g0=Homepage&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=13796&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fg.112388.xyz%2F&b=4362&t=gk0hqDKv7qFCcPPhLBr07VSB0wJS-&V=143&i=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&tz=600&sn=1&sv=7bakUYhYb_C8APrmBhcwnfp74jm&sr=external&sd=1&im=06672fd3&_
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.156.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-156-193.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 container.html Show response
fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4950 6 KB
3 KB 64ms
62ms Document
text/html 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://g.112388.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:37 GMT
expires: Mon, 03 Feb 2025 23:42:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 / Show response
dd.nytimes.com/js/ 232 B
618 B 193ms
68ms XHR
application/json 18.238.55.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-123.jfk52.r.cloudfront.net

Software

DataDome /

Resource Hash

d9cf48015447f4a3991c67448b856b09b78927711921cb57fa626a66472177d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
via: 1.1 c49af0736096dd9eb595aafed0498ed4.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: JFK52-P4
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 232
x-amz-cf-id: Txcp_XgD06A2oBOtMSiM1Gc4LKJynyzoQMowZEljTjeWlPa6Mj-PTg==
expires: 0

POST
H2 204 ping Show response
pagead2.googlesyndication.com/pagead/ 0
0 235ms
100ms Fetch
text/html 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame 4950 243 KB
80 KB 74ms
71ms Script
text/javascript 2600:9000:2511:600:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2511:600:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf9ae4044157011ddd7fcaebdd061f5457b6996bec08d166ca9bdcb706e10de4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:23:30 GMT
x-amz-version-id: tkrD9z3KEk9UH_UJICAuP.4QwaVMXZYu
content-encoding: br
via: 1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
age: 1149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 04 Feb 2024 23:08:41 GMT
server: AmazonS3
etag: W/"de16bbd975f059b183b2885d6f9f1c96"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
timing-allow-origin: *
x-amz-cf-id: Og-bQl5cQ8Vr3JTuXEfJ0D971IEWC7n_eUSqvhdHIVL7Z-1aTpPNLw==

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
200 B 59ms
58ms Image
image/gif 54.243.156.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=video%40nytimes.com&g=16698&p=https%3A%2F%2Fvp.nyt.com%2Fvideo%2F2024%2F02%2F02%2F115301_1_00gaza-vignettes-hp-promo_wg_720p.mp4&i=&g0=Homepage&u=Bd8YTZDZQCdU94rLz&t=zOTiGDmT39WDWj5xsDWL-9fD_1r5X&x=0&y=0&V=143&VS=H5&n=1&b=4376&r=&_vd=25055&_vi=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&_vp=nytimes.com%2F&_vh=g.112388.xyz&_pu=BB0jYnBOiWNHC4cEDV&_pt=gk0hqDKv7qFCcPPhLBr07VSB0wJS-&_pr=&_vdd=nytimes.com&_vt=ct&_vs=s2&_vcs=0&_vbr=-1&_vvs=0.326&_vpt=71&_vaup=man&_vce=0&c=0.01&W=0&R=1&I=0&E=0&j=20&tz=600&_
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.156.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-156-193.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 85ms
84ms Ping
text/plain 52.203.246.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.203.246.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-246-132.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK c.js Show response
collector.brandmetrics.com/ 0
188 B 476ms
79ms Script
text/javascript 20.40.202.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=g.112388.xyz&rnd=2369026
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=g.112388.xyz
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.40.202.2 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Request-Context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937
Date: Sun, 04 Feb 2024 23:42:38 GMT
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F155 624 B
825 B 237ms
93ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhiQsuHtATAB&v=APEucNVhXUTFhHiwMORnwAejTcp9g92oFpqdX8xSB-WR9wezD4lVJyQYMSX2MYq2MIYfJeKcWCWfCXyGnn5X8qh5hWlPieUF7w

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:38 GMT
expires: Sun, 04 Feb 2024 23:42:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4950 93 KB
33 KB 313ms
175ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 04 Feb 2024 23:42:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 4950 3 KB
1 KB 74ms
72ms Script
text/javascript 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/window_focus_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 16:53:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24542
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Feb 2024 16:53:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 4950 20 KB
9 KB 67ms
66ms Script
text/javascript 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 16:53:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24542
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Feb 2024 16:53:36 GMT

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4950 205 KB
62 KB 200ms
64ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84af93c376277b2fb1c7962b45ce84e1e0a31202815ceb873bd980df4378f62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 801
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63267
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 00:29:17 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4950 42 B
173 B 344ms
207ms Image
image/gif 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C2Ne4VMrGnfSH57s0OJgDHCZkZ3gb7NqJxI-BdFhOdRhXUb-cF1AE4KL-uz7ZJ81ofV2SAvCDclBmIlRsVu8iwWn0RaBIZq3uw9WTo6biiarNWaPw

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4950 0
58 B 99ms
98ms Ping
image/gif 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=802561139211&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4950 0
56 B 94ms
94ms Ping
image/gif 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=802561139211&version=m202401290101&ct=119&x=1&cor=13678582732844595000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4950 93 KB
39 KB 119ms
117ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D8XRwKGo4jaA7l-491mCjefyGJ4m-GPF2U303pTpzg7pV7MNIxtWMRj_c504--kkpp8kjmQ8zR7JtNpdHL26BQYIQTZ6zd0MaAGevobfN1NbVQ-HTGKe4MGRJhvpdYgLVpdk7GNm9gTfxfnpUA7e-b7fD_lG1hYNZSl7xi7OKLGYZ35p-S69rMQkWOTLxFNXFHB23b&cry=1&dbm_d=AKAmf-DqFRB0GcQe6ZjVQR3zZTXNvSayj6MQXpisNRkFp8iyfIqc0t_z4rCJt4hg8o12KqVjDs5hyEQ0sasLQ_a4dlHSgwAvi-_OZKdZA0rfoHzNsbWjKQ4Ian1-1itejoj3sxsbdpbgizH9ZIFcBZ5zsGEuhayXnhARS7BKrrt9cjLpPPQuA-wSSMuYKF9mostakCeNfzZCmPgWC1rDjFMJ2uZzQot_mmDG2nvB8ZVtoP03p_EVlKo6Wv3_SVNYsp2kkckOcn6PIL8FNVvP5x8h_GaNAZDW2nEc26w1HOLr9jY-PblYM4JWrcKEu6_W7L2x1xN7pJx3DF53lDIpdBsHM2TY5bY657gO3y3qdIwkC923JeEzc9PCRXGbY8cimzQgpJPl8EIe0p8-v90g7xMRQrp56eQKpH-0tedIeRgi7zMRM88FvkJjRHJ-Yxlux-QMoFzsG4EbgKLbt_imvvxE0m1XDzCMMMKV0wN18Z_wiYSWwalblxAd1fuZOOsWttX3-lxH7MKgqBXg-bZTAVSGtFjb6Or1k3Z4kdJuZDa_EgjUdpwKt8QRQBcu_QvTH8zLHRt8MiVkJuOKcYIBTiiLuiQ-DMIluWFTwTMqUEp9mSHMxn1XS_qshjC5whVwr2dzo0dScSmEQwZmeJ7oT7EpFhfHgGGM2fhmZnqkcxwN-mk1CQJV5vqNHGyDnD-_lBZJ2mdWJVAKTmDxsSLifzTsZXyaVqNenGkkbfK5QdD7E7SyTzd6hII_DukmbcyX9S-JAKe05OxeVMKNLaaAHN58F33kX43RITrFdcaxGjU2x0-OGoRb-lPEbCcgP0Qf-oz3Pt7RiKzTtD83xxytToEzftYOKiMrZBeRXzG-GYwLdpcq3trwfIBpdBwesFiMKR0fFuEHWqXa3uyFjzUZBmy8e5lOweHjXFbIP12AvxXISZcZZ360jaq88QbP2SIB1Fm0tE9wD5SGrmU_8Hg28AcETC5Et7zuyFnrvAgQT9YeSuqYpNW-aDhP8-ghLehfyQHJbUPNGo_fMvEs87MDEmrF-sffDEfB5xezLr9ck-EoaI-sQtrELjwiK0PLszhdMjJ9JDNBNE2c4paj0Ln0WCaLB-7pUFIfUDDswiAlU5fI1Wu4CBAordAAgUMnhaIjp49KnuoI_9JQ2m73M2hNt1DCWy8z13e9M6eAsPYUXV_jCWbMs0vJO9UthTbUkz17PS34YMwlA29u-Xm0-d2R2EiB9bQkLDHur6CbUZwALH4arLDCQmnCWHyzqW5mRjID9JZ1l4R8H4ccQ6J1ZsPQNcDX2ioYp0jdjfolyOr_kmBBtpa9R8GlWRkEZmY242-Dcnk3EOUovB0zO46RHqSDbK2r7YNH8CdeHMD_4ILllqJYBiCnU08mFAOq2HyH-dstu5FMfrsn7wL-tE6gUMwoWZOeYamFZZJUnpvU0JtNBiXPlqwC9rTpSXutS99FGPTItuEWuB7OPkefUAzpoHj4h9cG1olBQdm-rn0yOakz_e9D6ydaZyhGAcl5zz0ocLWFkflJgGFVm0uJVgFR6OPwlG7QcV4N0JDc8fxhR3EYcftROd5WZbEJKeqIRfFcKdx0yAXIUr2EJdK1pcujQ8jGnfW9Yp8ngIGWL7hPmavyi5l13BWhnLzEqIfZ4DJxyqFJZ0-99jfm4giqSeC0CMrvIph9FJx0AuaWCKEqiUzWj0UxifNSe8CNSH8lidK36EeZ5UalA4SfipMFHpS9HGTvgwRiF4VjHzWJyUZT4OEqd5xTdX2kupfE2qEHZKsn3e3yA4z-oB4lM4Mw3klRLP4UDcEQIlnaqQgLu9ZITCa6CzAappmOgxut7XYLRPzcom2ClVCdT2po991_J1n0m8ZU5LqqPmg0seLyc1gGUuw26VAvzGwhiTZLAc3EAHhHHoUuWFGNgTCbCRjv95UXHfDY38mlOLZxg2JkTLHEPKkgpP7vQBxxxr0-cmhor80AO0GoUn_i5FG0Lzr2BHThKdA4ZRIaTsnE6UoE0IGB6Z9_yyEkhPwPh77D2nqPqzibkLsWrUlLzgXGgaCo2XCzW34eKYJCZw9RvBy_xDP-oD-VjtDBi1LgmDL7vpXw2ylWykrKDtpVkJ48AJ0jYD0efOLBj32AoMFPgNOR9ZDCwLCEZpJ94sjkXsgHdgD54muXvsGpyeURM-F2RpuIXpivoW5tokAWHNFEIHcyao41cP-dE-BoDym32qiMiD_pIf3YT-Xk_xnGtHUPBqJC4YibbRaVtJjVZ_YHz2BHSaQvkRTY1UJuX3HTX7zW1jzgerW0JwSe6larVN1ug8p7IHkSdVArsr4e5OoN9Yw4PDtgjsOVmro1Ld7Tsm2nh5TCXf2gb_SemoK0ioFBbTntK_WNG15uZTqpMgIPSP_1KW--ErcEchFIr6x2eZa2gV4gl3SVOL4gl5HfVObHsTAa2qr4vG7oZtmizU8dduiqWfLBXfOOkLei-LrpTNs1Fl0Z1_2ZyI98JFnX1GQoS99hPRU-V_L8XFN8AI44y0ms-9_vkXEbkn6Ws921vCmQ6hMxopweNfWu9ix2eXezh7BfgNiYyYDxuaxcXOi4Whla_yqFqcl99wdQgU2khgawib4ARYIJ6UeDF-iyY8w404_kYXXiijQcItQRbCf5OwTR9737Bg3mY1HZsOGfZk3e5AW52a_mOtL_k8LhssbCTj7Cu87iLoTYhW2PSxoIzY6UpYxqL7Wh6QPp85QoKL-z0cHk8SYbkBYvm_SlMNYMXT5EOymgT60NnZG6IdEnUlge2MeUzpxuzeSy4jynv7WK7pKBXnF255_E26O6z5wHyui9DnnLt7eJ8q3wApeEPf0YFuIB7rcMkiuAtwicuOKOlgGNNXbM0A8mpXLO4DHLlh-Td_wcKdBP1pSLlg4VpdNxxdJoaHKLw-hji1WeS3aIU7YWPM3nAmKqb00sO1O2qSMKZwAyQX8YdMov-0o6anMcQKPw5chvVkCfVYg83vmZwgMBsF9MDIEafmxeZXe4TlQp_nVE8gXwEGsH0tH4mX7spzfqAl9bphwYaBbIghn0O9QfkzKN40tbQPsRI-TZtj9u9o3X8GVNOVZDXjNN-s_vMifPtDOUXExnocRHEPVvrqXmTEArZImA3A0FULSjO4sLSTwkGP-LDwR6SQGkuwlKJMt1cjBXAEuyepnhYDSqTe0MpFdNT9McZhnbTTPDBfefZzY95e6aPnqC0-_S-W-Rcg8Fv9aD9ngs4wgn9yU6eXMDr0u_L0uqg6mvdDUFwXzMxnCDW7hjm2N3ASmrqDcKHNzemMmPkf2hsIXWcAgSgEhxAgD_hx3q3qu3OKssCyAQUNbZBqr7Szy1nQzxSSQl-QMwVTdxdn2SEYTSnSFlzexP-xhqwjxK2zejdilUHGgsAsWsE5BBxe9ioaDxo6cgE8Mm5PSl9_mJeAywYyzCNCYp3FdvXmEF97XjQratwClZ5XnJ4ieaJRjsJydqsiLDwKsYLnMnG-17MxWUU1JO-_Zv9arUVdM9aAVV4v0Y3ArNgo73fY3cDo7ku6p9LP4RjoWIpgEL92S1LFhaBFfp2jc5lzG4dz2HZ2uNJiPmveBesLCt3aFy-uOFZYxSBSTVNvqpq5cBaXeotejhCCgu7H86mobC4A3NovWSQPSPlJLr4A3qlG84uZoelEbfE0mhYS7t0WIJlQ2aSDl1aMjLn3BD7arglShvehtM7BrLRWsgu3v4vgdwQ8MfMf1EPFaukVFK3HrDQwKq1t8Br6pQM0Q0EHwVbrCkC7IeS9Wa8x72AkKbyBuxqxxNGgWu5S4pZ5S9vfEmoiku65rGBH1j3D1CyJEdcZ7n3aBxycdvrJ4RhTPCpuktDPNhPAh__VtE-IZ-FkTc0HKJ3JWNsdCNvXdNoxhB1CD3Nz9KmGGj3dELf2FaPCeHXdqyF_hZUIKp4Kw6Gu8qMuLvDKlntnu5oCOs-CottxyVV9l_eMJxd93X&cid=CAQSTgAvHhf_oRpAgmx2nM2_g1pneGGjVslsukx8HMFWCIKElR0KlSRH6ZPSqjWGqctqyyGW3ZJSG4dFLifbXNPHLezHkPul-U3mPBNyaJj84xgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fg.112388.xyz%2F&ds=l&xdt=1&iif=1&cor=13678582732844595000&adk=250412561&idt=345&cac=0&dtd=29

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38333035595b62181536e9b4cdb257daa65a3e5ee70078a44399fa7e0f2750df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39390
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1

43 B
767 B

79ms
78ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhiQsuHtATAB&v=APEucNVhXUTFhHiwMORnwAejTcp9g92oFpqdX8xSB-WR9wezD4lVJyQYMSX2MYq2MIYfJeKcWCWfCXyGnn5X8qh5hWlPieUF7w
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:39 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8wFkNpTo5FFFbBBn6MqplQ1IEsYondr7ijbxYjC%2FLzjUVP8D6MznmkID4TTV75CxWFo9gQm0Og2eRgF6nmY4xJPgfHoYBmEtBihS8zjIi79cKYxg5dHfNcjp%2BZJkpZayOTj3eOPXdlyng%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8506c5762f669aef-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F155
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZcAg7m0U58nwuBiLQYCqrgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1

43 B
732 B

82ms
82ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhiQsuHtATAB&v=APEucNVhXUTFhHiwMORnwAejTcp9g92oFpqdX8xSB-WR9wezD4lVJyQYMSX2MYq2MIYfJeKcWCWfCXyGnn5X8qh5hWlPieUF7w
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:39 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQ1IsqYC%2BJVhv%2FGHSAR25R3u2zteQWcnIt7lc4oBM3HdlOHagPZ%2BjyZ4rf6atawXA6SdAinLLigCB9OdFyAAR6yhFEAtpTTlg88EJANbgpu%2FyeHf5szpmmiETdWxG3CUAkYHWmJV9RthfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8506c5762f689aef-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECVZjYU_0ENYaS3Ec24gYDI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnxdPYHJtslgAMu00jQMHc&google_cver=1

43 B
1 KB

69ms
68ms

Image
image/gif

68.67.161.182
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMnxdPYHJtslgAMu00jQMHc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhiQsuHtATAB&v=APEucNVhXUTFhHiwMORnwAejTcp9g92oFpqdX8xSB-WR9wezD4lVJyQYMSX2MYq2MIYfJeKcWCWfCXyGnn5X8qh5hWlPieUF7w

Protocol

Server

68.67.161.182 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:39 GMT
an-x-request-uuid: f98dafe7-6041-432a-bbc9-3a841e59d46c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 38.132.118.68; 38.132.118.68; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMnxdPYHJtslgAMu00jQMHc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F155
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk1Mzk1MjU1Mjk4MjAwNTAy

170 B
243 B

82ms
81ms

Image
image/png

142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk1Mzk1MjU1Mjk4MjAwNTAy

Requested by

Protocol

Server

142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:38 GMT
an-x-request-uuid: 51a2a5c9-35bc-40c1-afc7-a04e043726aa
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk1Mzk1MjU1Mjk4MjAwNTAy
x-proxy-origin: 38.132.118.68; 38.132.118.68; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4950 172 KB
61 KB 272ms
63ms Script
text/javascript 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
Origin: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 20:44:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10671
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 05 Feb 2024 20:44:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240131/r20110914/elements/html/ Frame 4950 12 KB
4 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240131/r20110914/elements/html/omrhp.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 16:15:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26821
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Feb 2024 16:15:37 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240131/r20110914/ Frame 4950 31 KB
12 KB 63ms
63ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240131/r20110914/abg_lite.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 17:15:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11928
x-xss-protection: 0
server: cafe
etag: 10551285868935850944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:15:27 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4950 41 KB
14 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 09:17:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 311085
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Jan 2025 09:17:54 GMT

GET
DATA 200
OK truncated
/ Frame 4950 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe87d3b4e6e6a32c37a1eb2ea77266c29ecc4891c1ba51ec95e9a000514240a5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 init Show response
gw.geoedge.be/api/ Frame 4950 0
216 B 243ms
74ms XHR
text/plain 2600:9000:210b:f800:10:43f:4352:ad61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.geoedge.be/api/init
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:210b:f800:10:43f:4352:ad61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Sun, 04 Feb 2024 23:42:39 GMT
via: 1.1 6f773b38a039c4c643665ffcabe35fd0.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C3
content-length: 0
x-amz-cf-id: _lenzF2L2i9YMDvyMqMsT1RiuJV2ApIeqC7FMuoZ1w578tM1Jk2wlw==
x-cache: Miss from cloudfront

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame FF05 38 KB
13 KB 65ms
64ms Document
text/html 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 310856
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 09:21:43 GMT
expires: Fri, 31 Jan 2025 09:21:43 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame FF05 39 KB
15 KB 64ms
64ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 20:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12657
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Feb 2025 20:11:42 GMT

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
200 B 57ms
57ms Image
image/gif 54.243.156.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F&u=BB0jYnBOiWNHC4cEDV&d=g.112388.xyz&g=16698&g0=Homepage&g1=No%20Author&n=1&f=00001&c=0.02&x=0&m=0&y=12323&o=1600&w=1200&j=30&R=1&W=0&I=0&E=1&e=1&r=&PA=https%3A%2F%2Fg.112388.xyz%2F&b=4362&t=gk0hqDKv7qFCcPPhLBr07VSB0wJS-&V=143&tz=600&_vi=&_vp=https://vp.nyt.com/video/2024/02/02/115301_1_00gaza-vignettes-hp-promo_wg_720p.mp4&_vdd=video%40nytimes.com&_vs=s2&_vt=ct&_vap=&_vtn=&_vd=25055&sn=2&sv=7bakUYhYb_C8APrmBhcwnfp74jm&sr=external&sd=1&im=06672fd3&_
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.156.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-156-193.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 04 Feb 2024 23:42:39 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17082187209892412455/ Frame 19C5 87 KB
22 KB 206ms
79ms Document
text/html 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff8b258c6693fee122ffdc2f152132bc3cb1414c398652f748d59a17706aaec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:39 GMT
expires: Mon, 03 Feb 2025 23:42:39 GMT
last-modified: Sat, 10 Jun 2023 23:59:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4950 0
0 272ms
93ms Fetch
image/gif 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvk_PysnXUX2PNjEV0iiOm5iiFzuxjAhC7rcOVsPx6UborZDC0YuInCJYvZI2R-f_gmzsin_kcjrhrGhlN_5L4rqV5YCntyDkbidReyrOz50bUx04bVkikQo6HDNbjZNKaj47niddB38SYU4FKQyPB-IXIxD3RKaU-US9A0jSngYx07eRrL7NESHiM0b7k5kN1ORAGrUgpXk1Yn0aBfD5rU3Hg4qX9wyy0gqGjc1vpg0XOHO9wl1fmJCwa3244UqURiDMi5F_vBUrz3KTk7X-Op4fTHXbM0be91kgV9yPcjcItfrzLTeGQYOXujVCsfHlbgGJpbrRgadWE0Y9imogu0P5nlXysDaygqBblTiw41TVBlxKdInr6ufMYabDrEf2lFYAKNGZS2QnNkdRWpBIAp_fHMjwXJWjtXlz8H7F4RkHveQuhs8BYY-lrQ6Yk4SU0CzvvWVDOaCT-yMam3L5uhh7koCyyAKwtPhIIKJvY_Fyv-FFmC9C1aK-zD4VwE30QdheGTJd7gcsZWX3utDwRZ9-1ZL7QG_z9i-2LaVU5esJeIu1yzicx7tyaG9odW9_X6HnejJDp8bPr4c4lVddTlXxwcdmOdiuCJYbcuFsbUbs8hugW9-jF-gHp1Qgs9N9Yq_aT_g5Qh-UuOB-TtoCGPjt5aHYJxQMlMdCpah3-LlMq4i30OMHJVNTH6Dxv06Su016fnopiLU0Aeigq-aM_-yhC2tyx8G_KzRpISPhVddhK7YairGCWh48utDPeDSt7tuJycE5Xq70PamF6sqsPMeOnwZa_1rlAlrARcvFhZHWNGRmKVnIeIHYGtSTSuo-oB115xytf6zDsj-BLgFo2SB6ai7mdmVnp82DQc0gKlaMPlKuOmQYum4W-G2krFXMBW8w2xUZMWe-7ONdQQC30NxvVA_dZaehsTJScfgSTpfh4PJa8CNecoDxubTo0drUv6ucwgfoSS6o0E50O13mjqpkXEKf1tazk3sBQdYdRVgDllLLVaqoOfTOGrvpYegEBXJoGUFXUiafINUtrrnC7Jg_KnBdZIhYXyrGlgPpFVaXr8D8dALRY96lF3YP8BnTao_N3gJThR2UszXHosdeVRjPiQ-Y8Kb1EcBdwinSvo8K9HmEyJRvJMmHqioQROLVVzckdEAZG470zh6qH_v2JlKGZJXb5FeP3-4x7OHu6mdI-gb96x24ec-cfq4ab31egAh7C7P67qlRDbI397GB9eUSddcYmtY2y-IGMRpQWEv7aW2J4IfZYkQYgCT0L-J6Sjev-lFuNfoCIrMbInAx4o7Gjj0ijwSnLwie_ruN8OIqsGU_yJOoUnEs7V6CIg7J2yPUulKzR-9s2ipL-g8JpgvfOxwYdoxj_f84MPYK7h6TP0CisEM_clMPH_zTtKjGqXdnnPOqUzVXoStj-yVxFXY4vhwLoGODwew9fedNKb2BDE83Uf6cy0IkgiUlOzNVb4&sai=AMfl-YS4RaDi67jkOHewWebQF6igxFIXbMjYdPaibVqMcCdFLppUz0NZUR0JyH5coaNKSmpCdMJXG_l3HlqE_1WTEAB35snN_X4WrDAMxrwhJMmKVAFzS0P-bR2T16eHI8CWQDkV7aTkzsguIVDTXlGK_VYVBbcg41dyDt2GfhWji_0xWdVc0r86TL1OEyx82BYpjrZt-sYWrzCqxuIDeO63TuJIDEtFLIR0icbltpjkfIED-wThfrqZRMIkUD09ftBpk9muKhTzZ8oUK62SCag3gh0pp6i-4tTk95q4Pg&sig=Cg0ArKJSzPthBjDE3D5mEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=418&cbvp=1&cstd=405&cisv=r20240131.26364&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 04 Feb 2024 23:42:39 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 04 Feb 2024 23:42:39 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FF05 0
20 B 97ms
96ms Image
image/gif 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BKw257iDAZY-fMaCnjvQP8JqHyA8AAAAAOAHgBAI&bg=!ZmWlZSrNAAa8BdJLnAU7ADQBe5WfOPiQ_aOzLYON_TpQtI1raHuHjryb89izgv-S810ehI_Mq90k0UcFBJ7ZxLIwzGJBAgAAAKxSAAAAA2gBB5kDBAPO8zkGNkPtErTkTW_pIF7kXbwZIOExswcf77xP_KSA3hxawrJaKkLzlZTY4jOiDPMaSocw0dJaOtjOiOvokjT7uwuooaKeUYwQ8vJsn8hYTKHDVIcZQ6ypyEj-M-7PyqYcLgYvx_0gzl6-mMVk6n61Kyx9TjvNrft1dNUvAJ6O7lMpCZ8Q9euL2EQhtrs1cR8LsnL4tFblPEhh3DiIjYRhLuTgXKhYJynjyH7Wib3b_8vY12VffheHSsElydedIQDe_lG39RKa3M2StLm9g2476oSwBlZ_UDM3fWFTuKIv7N3SxC1aVpKPHoiFOXNlExoFyTQ8h5sTmNs70iUhZ3M7u9Vn1WB8RXeCKH65Vamelg7Qn3cRnLqawBdOo2nHWQHxkYfB0W2_eioYYX86VzNVSH64cKp3kPH3th_zWmbX8_lHA2fwXlEOarfu7h9slurqmCEj9svqo-_hHyJwFGB7cQTn1DzwTACMKBYIg8BxxFB1D1NGcnbu-QgPKCt9wgHlLJW-U-QcNN6NPtW62IWQUGQKpAs0XKEXV5qagZGAR3oYGuleifHzlGT1UgrFrj0WQtmp4S6MUlhYl5pJGIGXlPFCp_bU2tSPwCAlCZi_euM1MF4xZyotkJbky0qj6GCXbsSQQnDNmXpDUO-vvsJQ8EyACijeTbZPv_KTigKWf4YmHb5IckzXT1eyb3wJJny6CyV7VN7jQno5jqFZ9qHlJaEWNzd0ft9Cl2zBweg9CLiqezF_r7x4GlgTwSuNkYZUMOXyLl7T2Uc10eWq03-FZcD3PNj7BvVTCzEE4BqRFmRtxlVYNTV79mKaV7e9-0AIhy2ezK0cHx8Z82YBzk9L0NG8VKw1rrQFTSo2Bpmm1-Pz1LVbHxa-Y-FzoCXOI1eCOFnrN0jTi1HWj4_ePwpMNB4eSUwoZMHbSfkOP4r8CoIXTx49yy0ueXQr7FiCyAXwjmucboVltzffQfbZqUlYKLHNzuHa9j7jWbLi9BsnDyv3TGpKJPTsMaidy6mWKezEzMQ

Requested by

Host: fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
URL: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 19C5 120 KB
41 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 21:58:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6263
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 05 Feb 2024 21:58:16 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17082187209892412455/ Frame 19C5 4 KB
4 KB 63ms
62ms Image
image/jpeg 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17082187209892412455/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e33b8407c21f47e7c990edcb66dcf85406e8955ea0f85432539d5b706870cbc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 31 Jan 2025 09:32:35 GMT
date: Thu, 01 Feb 2024 09:32:35 GMT
x-content-type-options: nosniff
age: 310204
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4368
x-xss-protection: 0
last-modified: Sat, 10 Jun 2023 23:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4950 0
0 85ms
84ms Fetch
image/gif 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvk_PysnXUX2PNjEV0iiOm5iiFzuxjAhC7rcOVsPx6UborZDC0YuInCJYvZI2R-f_gmzsin_kcjrhrGhlN_5L4rqV5YCntyDkbidReyrOz50bUx04bVkikQo6HDNbjZNKaj47niddB38SYU4FKQyPB-IXIxD3RKaU-US9A0jSngYx07eRrL7NESHiM0b7k5kN1ORAGrUgpXk1Yn0aBfD5rU3Hg4qX9wyy0gqGjc1vpg0XOHO9wl1fmJCwa3244UqURiDMi5F_vBUrz3KTk7X-Op4fTHXbM0be91kgV9yPcjcItfrzLTeGQYOXujVCsfHlbgGJpbrRgadWE0Y9imogu0P5nlXysDaygqBblTiw41TVBlxKdInr6ufMYabDrEf2lFYAKNGZS2QnNkdRWpBIAp_fHMjwXJWjtXlz8H7F4RkHveQuhs8BYY-lrQ6Yk4SU0CzvvWVDOaCT-yMam3L5uhh7koCyyAKwtPhIIKJvY_Fyv-FFmC9C1aK-zD4VwE30QdheGTJd7gcsZWX3utDwRZ9-1ZL7QG_z9i-2LaVU5esJeIu1yzicx7tyaG9odW9_X6HnejJDp8bPr4c4lVddTlXxwcdmOdiuCJYbcuFsbUbs8hugW9-jF-gHp1Qgs9N9Yq_aT_g5Qh-UuOB-TtoCGPjt5aHYJxQMlMdCpah3-LlMq4i30OMHJVNTH6Dxv06Su016fnopiLU0Aeigq-aM_-yhC2tyx8G_KzRpISPhVddhK7YairGCWh48utDPeDSt7tuJycE5Xq70PamF6sqsPMeOnwZa_1rlAlrARcvFhZHWNGRmKVnIeIHYGtSTSuo-oB115xytf6zDsj-BLgFo2SB6ai7mdmVnp82DQc0gKlaMPlKuOmQYum4W-G2krFXMBW8w2xUZMWe-7ONdQQC30NxvVA_dZaehsTJScfgSTpfh4PJa8CNecoDxubTo0drUv6ucwgfoSS6o0E50O13mjqpkXEKf1tazk3sBQdYdRVgDllLLVaqoOfTOGrvpYegEBXJoGUFXUiafINUtrrnC7Jg_KnBdZIhYXyrGlgPpFVaXr8D8dALRY96lF3YP8BnTao_N3gJThR2UszXHosdeVRjPiQ-Y8Kb1EcBdwinSvo8K9HmEyJRvJMmHqioQROLVVzckdEAZG470zh6qH_v2JlKGZJXb5FeP3-4x7OHu6mdI-gb96x24ec-cfq4ab31egAh7C7P67qlRDbI397GB9eUSddcYmtY2y-IGMRpQWEv7aW2J4IfZYkQYgCT0L-J6Sjev-lFuNfoCIrMbInAx4o7Gjj0ijwSnLwie_ruN8OIqsGU_yJOoUnEs7V6CIg7J2yPUulKzR-9s2ipL-g8JpgvfOxwYdoxj_f84MPYK7h6TP0CisEM_clMPH_zTtKjGqXdnnPOqUzVXoStj-yVxFXY4vhwLoGODwew9fedNKb2BDE83Uf6cy0IkgiUlOzNVb4&sai=AMfl-YS4RaDi67jkOHewWebQF6igxFIXbMjYdPaibVqMcCdFLppUz0NZUR0JyH5coaNKSmpCdMJXG_l3HlqE_1WTEAB35snN_X4WrDAMxrwhJMmKVAFzS0P-bR2T16eHI8CWQDkV7aTkzsguIVDTXlGK_VYVBbcg41dyDt2GfhWji_0xWdVc0r86TL1OEyx82BYpjrZt-sYWrzCqxuIDeO63TuJIDEtFLIR0icbltpjkfIED-wThfrqZRMIkUD09ftBpk9muKhTzZ8oUK62SCag3gh0pp6i-4tTk95q4Pg&sig=Cg0ArKJSzPthBjDE3D5mEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=840&vt=11&dtpt=422&dett=3&cstd=405&cisv=r20240131.26364&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 04 Feb 2024 23:42:39 GMT

GET
H2 200 .status Show response
a.et.nytimes.com// 0
0 80ms
80ms Fetch
text/plain 52.203.246.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.203.246.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-246-132.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: */*
Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 97ms
96ms XHR
application/json 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401290201&st=env

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0da22d15487f31b2f17d682d48f4a453128d5e8e8cdfe055d9f0545d09ecf532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12262
x-xss-protection: 0

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 1 KB
1 KB 146ms
39ms Script
application/javascript 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: g.112388.xyz
URL: https://g.112388.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eb4d79169579cf2ade4f692f5a2350cd22cc726b21b95b660516c17789f2a4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:39 GMT
x-amz-version-id: MPba88_18g9np_MgUWG7bxUFbngqy4X9
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: Z2VZY53X46PQC47T
age: 46
x-amz-server-side-encryption: AES256
x-amz-id-2: tTiACG3DlAq105l5DXmx5IP8rt5blgnrhZNPTIE2ecGVUgYGv43MSRb6c4uJRDVcORTTdz/ucXA=
last-modified: Mon, 29 Jan 2024 17:08:18 GMT
server: cloudflare
etag: W/"90a211e23d5f5f90643d22f264d729ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FzGUzL5A7f6C2lwNRZNAsHJkf5bOhQHGbSoLp49aFUgVNZLinDZmDlm8ihbXziQ2jqIfss2myiyOpPHsFRwg%2BWOQEvLD96iMx8l0sp4pSolMsNkPf16KH1uRGHzAyowbggLjXnE0wrqRMKL6L4gHySubmhk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 8506c57bcba367b6-MIA

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/3005403/
Redirect Chain

https://sb.scorecardresearch.com/c2/3005403/cs.js
https://sb.scorecardresearch.com/internal-c2/3005403/cs.js

0
382 B

66ms
64ms

Script
application/javascript

108.139.47.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/3005403/cs.js
Protocol: H2
Server: 108.139.47.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-33.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 10:13:07 GMT
via: 1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jul 2023 14:48:36 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
age: 48572
x-amz-server-side-encryption: AES256
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 0
x-amz-cf-id: Ro5_XFL62Tx03tDJ9JvRbSrOHcwyRPtEht15u6YFYT07bDcbLnI1YQ==

Redirect headers

date: Sun, 04 Feb 2024 23:42:39 GMT
via: 1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P1
x-cache: Miss from cloudfront
location: /internal-c2/3005403/cs.js
content-length: 0
x-amz-cf-id: MWbE9fcD6uM-CyR3wsdbKfCzipD6Pj6aYqoKT9iAKj7jfX2sVop-Mg==

GET
H2 200 vhs-plugin-cover-vi-386a52738091ae451be7.min.js Show response
static01.nyt.com/video-static/vhs3/ 51 KB
13 KB 34ms
33ms Script
application/javascript 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static01.nyt.com/video-static/vhs3/vhs-plugin-cover-vi-386a52738091ae451be7.min.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

cc40ca501d6b503b1aaaea29cad8cd180098c7336679a39b09b1f89a5ce99150

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 06 Feb 2024 23:12:44 GMT
date: Sun, 04 Feb 2024 23:42:39 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 433795
x-guploader-uploadid: ABPtcPqa_e5OFEcM8aNHma3vky2zO0RR3stK7kvRSBZH-ZD3xhY_XMbgnn0d9oUvib7PSK8veatuWi8UYA
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-meta-surrogate-key: video/vhs3
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 12413
x-served-by: cache-iad-kcgs7200166-IAD, cache-mia-kmia1760045-MIA
last-modified: Tue, 30 Jan 2024 23:12:38 GMT
server: UploadServer
x-timer: S1707090160.883354,VS0,VE0
etag: "430d491b848ef8e84af641dffc19ac81"
vary: Accept-Encoding
x-goog-generation: 1706656358795953
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=RBPEtw==, md5=Qw1JG4SO+OhK9kHf/BmsgQ==
cache-control: public,max-age=60,s-maxage=604800
x-goog-stored-content-length: 51861
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 17, 27104

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 61987b71501afac79b03e8baa611020d395a37e824fd2360e7831443a305e71d

Request headers

Referer
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H2 404 115332_1_04vid-chile-wildfires_wg_1080p.vtt
vp.nyt.com/video/2024/02/04/ 0
232 B 34ms
33ms TextTrack
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vp.nyt.com/video/2024/02/04/115332_1_04vid-chile-wildfires_wg_1080p.vtt

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g.112388.xyz/
Origin: https://g.112388.xyz
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-served-by: cache-chi-klot8100105-CHI, cache-mia-kmia1760037-MIA
date: Sun, 04 Feb 2024 23:42:39 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: nginx
age: 1
x-timer: S1707090160.959193,VS0,VE1
x-cache: HIT, HIT
content-type: application/octet-stream
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
content-length: 0
x-cache-hits: 26, 1

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 82ms
82ms Script
text/javascript 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 04 Feb 2024 23:42:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 19C5 8 KB
6 KB 90ms
89ms XHR
application/json 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be6fb59833ed545e706a68b32222ef1474f9ef93d86c1844aa4532c35e3d4efd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5968
x-xss-protection: 0

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/17082187209892412455/ Frame 19C5 676 B
704 B 67ms
66ms Image
image/png 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17082187209892412455/replay.png

Requested by

Host: fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
URL: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

560840d26c66d01e35e8257c2599e4d6ff81fb45082ac051cbfb0fb835657951

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 31 Jan 2025 09:36:48 GMT
date: Thu, 01 Feb 2024 09:36:48 GMT
x-content-type-options: nosniff
age: 309951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 676
x-xss-protection: 0
last-modified: Sat, 10 Jun 2023 23:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/17082187209892412455/ Frame 19C5 42 KB
42 KB 68ms
67ms Image
image/jpeg 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17082187209892412455/poster.jpg

Requested by

Host: fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
URL: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a510268179ca6b5136fc166ed81a1b67e2d89b58b58cab897d2b97356bd0580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sat, 01 Feb 2025 16:07:05 GMT
date: Fri, 02 Feb 2024 16:07:05 GMT
x-content-type-options: nosniff
age: 200135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43233
x-xss-protection: 0
last-modified: Sat, 10 Jun 2023 23:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 04chile-wildfires-zcgk-threeByTwoSmallAt2X-v2.jpg
static01.nyt.com/images/2024/02/04/multimedia/04chile-wildfires-zcgk/ 111 KB
111 KB 34ms
33ms Image
image/jpeg 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2024/02/04/multimedia/04chile-wildfires-zcgk/04chile-wildfires-zcgk-threeByTwoSmallAt2X-v2.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5f0f18dd0226fe1cf14e136e90b50c29b618fb78b01de9d527099e3a779b43f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Sun, 04 Feb 2024 17:36:32 GMT
date: Sun, 04 Feb 2024 23:42:39 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 21968
x-guploader-uploadid: ABPtcPrfMeZMALvbRn9eEhcGDsyN-tm5EwVJIJHXh5ubwdrpph6j93XMgSuNcDuaXk9VInd3hPM
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 113479
x-served-by: cache-iad-kiad7000113-IAD, cache-mia-kmia1760045-MIA
last-modified: Sun, 04 Feb 2024 17:28:37 GMT
server: UploadServer
x-timer: S1707090160.993573,VS0,VE0
etag: "23811c390b3b679991738bdb3bac44a2"
x-goog-generation: 1707067717370657
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=RSU4uQ==, md5=I4EcOQs7Z5mRc4vbO6xEog==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 113479
x-amz-checksum-crc32c: RSU4uQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 10, 341

GET
DATA 200
OK truncated
/ 503 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52c1269f57bc3b5b121595f104302322f9b8f0a23b5f550da9c5d1ccc7704309

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17082187209892412455/ Frame 19C5 4 KB
4 KB 72ms
72ms Image
image/jpeg 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17082187209892412455/preload.jpg

Requested by

Host: fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
URL: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e33b8407c21f47e7c990edcb66dcf85406e8955ea0f85432539d5b706870cbc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 31 Jan 2025 09:32:35 GMT
date: Thu, 01 Feb 2024 09:32:35 GMT
x-content-type-options: nosniff
age: 310205
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4368
x-xss-protection: 0
last-modified: Sat, 10 Jun 2023 23:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H/1.1

206
Partial Content

file.mp4
r1---sn-q4fl6ndl.c.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 19C5
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r1---sn-q4fl6ndl.c.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/acao,ctier,expire,id,ip,ipbits,itag...

598 KB
599 KB

239ms
65ms

Media
video/mp4

2607:f8b0:4000:1f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-q4fl6ndl.c.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7B5A6B97C8271DB8B8932085322D32C9E3A1FC.6351944C26928E06E01EB188C426843416EF6408/key/cms1/cms_redirect/yes/mh/wV/mip/2001:550:1d05:1::11/mm/42/mn/sn-q4fl6ndl/ms/onc/mt/1707087512/mv/u/mvi/1/pl/48/file/file.mp4

Requested by

Host: fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
URL: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

2607:f8b0:4000:1f::6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

29bfea73ad113ebd150a7f76415f7b650e2583087a9dab43546c61d0998a0415

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Sun, 04 Feb 2024 23:42:40 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 10 Jun 2023 23:59:17 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-612440/612441
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 612441
Expires: Sun, 04 Feb 2024 23:42:40 GMT

Redirect headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:40 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r1---sn-q4fl6ndl.c.2mdn.net/videoplayback/id/344e2c4a56fb15b0/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738626158/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7B5A6B97C8271DB8B8932085322D32C9E3A1FC.6351944C26928E06E01EB188C426843416EF6408/key/cms1/cms_redirect/yes/mh/wV/mip/2001:550:1d05:1::11/mm/42/mn/sn-q4fl6ndl/ms/onc/mt/1707087512/mv/u/mvi/1/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 646
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 match-prod-b67c5178dcd896f2ee55.js Show response
platform.iteratehq.com/ 87 KB
30 KB 43ms
43ms Script
application/javascript 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/match-prod-b67c5178dcd896f2ee55.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e57d1cae3a8e67236e58c0ec7c656c4c85c1721466c0007d34cc028b688a175e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:40 GMT
x-amz-version-id: 45hbzbFrAuZNDinxE_mDlO2vmg8knz6M
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: VYV9CNEXGBVVQN1W
age: 541890
x-amz-server-side-encryption: AES256
x-amz-id-2: 6RMBLQH6LbzN1eTciHSFtjmK5LL0JZqX2nT6P7F+iYPu5YuxGax1BaMcgdBexZqStKzAFW3XDn4=
last-modified: Mon, 29 Jan 2024 17:08:16 GMT
server: cloudflare
etag: W/"de26d6e4c8675686e6025663c8a5de23"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teKnbYRnlOmFQKHFgbSzwB5wn3VO14T6N%2F9NhuocjqbCDCOFFvYP9iVIwBtS8gwbyhp9E4HnYdrLZwntUkfmOJjqKv%2BATJfWFg1fZecNKWQCfTshzA3rd7CspxabzN7yWCvzFqZwqehChW9oXVYOnJbOMW0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 8506c57c2c0967b6-MIA

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 28B1 13 KB
5 KB 65ms
64ms Document
text/html 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://g.112388.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 12659
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 20:11:41 GMT
expires: Mon, 03 Feb 2025 20:11:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3F4C 829 B
1 KB 226ms
81ms Document
text/html 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8d75f1a219925f06ea89399d437ef59d3a20faef18bef523a292a5d2d50b0389

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zmZpwsu6xSVZg1to-iwfoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://g.112388.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-zmZpwsu6xSVZg1to-iwfoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 04 Feb 2024 23:42:40 GMT
expires: Sun, 04 Feb 2024 23:42:40 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 19C5 17 KB
6 KB 98ms
97ms Script
text/javascript 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 04 Feb 2024 23:42:40 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4950 42 B
64 B 132ms
132ms Fetch
image/gif 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssg-8wj1JerZPGKlWqJfQeAaDvqWxZ9Kfii09T7TbnVQglmBRrwEA2f35gz1Q0sfeXCm0WhBNPYxiheAX48X-mymsFyG8lPFmElKRbyeSL3TwFTvDRbA3ccK4A_aEes1Zutdb-oni5L5dLNrmch3QG42pD6&sai=AMfl-YRAI_YqbyaVXQvg-Py3DmpMUdJ5c54-zK8SbjixLCm0ZVSP52GT7BzmARfNRM_5JJe37EvPWxJTzTm3oH_ibKI8ZVGbeI1BhhTv8CtrQ1Lx5a_9CkpFpzE6zDyBUhHxHG4z2OtO4adnVzTv-LsQ&sig=Cg0ArKJSzPrOqrgC4YdSEAE&cid=CAQSTgAvHhf_oRpAgmx2nM2_g1pneGGjVslsukx8HMFWCIKElR0KlSRH6ZPSqjWGqctqyyGW3ZJSG4dFLifbXNPHLezHkPul-U3mPBNyaJj84xgB&id=lidar2&mcvt=1003&p=15,315,265,1285&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20240201&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2496155832&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=302295900&rst=1707090157992&rpt=1042&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 297 B
539 B 77ms
76ms Fetch
application/json 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2426bfabd534ec0c5a4e2e96cd0a5b9fd87accdc0837a6310d505360098e69c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 04 Feb 2024 23:42:40 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvtK8e%2BqKqFYganA2TV7geLU6JyNbVuZid0yweJ7Nummfc6Veqf8%2Bc9Hgo5c6h3sRjRxx5jCbGHYVD182q%2FNCVrdDVVGhAsMknOAF4zX76CnySe91ffcU5gHXScRIMZdgoAeF8yfJseUYw8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8506c57da9f909da-MIA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 174ms
75ms Preflight 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8506c57d390b09da-MIA
content-length: 0
date: Sun, 04 Feb 2024 23:42:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6f2RSiS9vGA5lfLiElCvWzWjzbFmyD1FcvBYX7N3RYbmsZnRz1cOL23X%2FLHLnDAeYjHaLyuAOx6Pxqy9SdsGtmlpQ9%2BOMJZRcjfuAgvfhrMcfRPDFNtmuJK4uAfqYBhvp0azXRgmrRaMLg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame 19C5 13 KB
5 KB 66ms
65ms Script
text/javascript 2607:f8b0:4006:824::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17082187209892412455/index.html?e=69&leftOffset=0&topOffset=0&c=8idV1eftTn&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 06:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 05 Feb 2024 06:04:29 GMT

GET
H2 200 vhs-plugin-nyt-analytics-4739d93db9c1f6ecd885.min.js Show response
static01.nyt.com/video-static/vhs3/ 26 KB
6 KB 33ms
33ms Script
application/javascript 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static01.nyt.com/video-static/vhs3/vhs-plugin-nyt-analytics-4739d93db9c1f6ecd885.min.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

39bc2f03b0b4798db6fb14405be09ec727e727e16ddb5e1c1a4fae724ebb3ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 06 Feb 2024 23:12:44 GMT
date: Sun, 04 Feb 2024 23:42:40 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 433795
x-guploader-uploadid: ABPtcPpWElnOx-32f5CIGW-JE0oqo3Mhimap8FQk4TB5mx179W8tYD27jV-66dFGrUcuSn1QRH8
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-meta-surrogate-key: video/vhs3
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 5817
x-served-by: cache-iad-kjyo7100141-IAD, cache-mia-kmia1760045-MIA
last-modified: Tue, 30 Jan 2024 23:12:38 GMT
server: UploadServer
x-timer: S1707090160.100674,VS0,VE0
etag: "1db1c94dbe5c2def15d7ee4c23f50c25"
vary: Accept-Encoding
x-goog-generation: 1706656358797306
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=yjkx7Q==, md5=HbHJTb5cLe8V1+5MI/UMJQ==
cache-control: public,max-age=60,s-maxage=604800
x-goog-stored-content-length: 27112
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 16, 27652

POST
H2 200 track
a.et.nytimes.com/ 0
0 80ms
79ms Ping
text/plain 52.203.246.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.203.246.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-246-132.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 28B1 39 KB
15 KB 66ms
65ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 20:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12658
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Feb 2025 20:11:42 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame BEA1 39 KB
15 KB 63ms
63ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 20:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12658
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Feb 2025 20:11:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3F4C 0
0 129ms
128ms Image
text/html 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401290201&jk=2384352275948271&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 28B1 0
10 B 67ms
65ms Image
text/plain 2607:f8b0:4006:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?6gN9cQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:40 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dc_oe=ChMIj86PtO6ShAMVoJODCB1wzQH5EAAYACDXrpBcQhMIu6C4s-6ShAMVzqdaBR24vgLI;dc_eps=AHas8cCHmaV5Z7yRiDcnBfkmopCIt5-8LJORYnXwcMIT_M6JYlPQbLnJJbFnGkA3Gi2vpr-XbwnvA3urTQ;met=1;&timestamp=1707090160541;e...
ade.googlesyndication.com/ddm/activity/ Frame 4950 42 B
401 B 268ms
98ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIj86PtO6ShAMVoJODCB1wzQH5EAAYACDXrpBcQhMIu6C4s-6ShAMVzqdaBR24vgLI;dc_eps=AHas8cCHmaV5Z7yRiDcnBfkmopCIt5-8LJORYnXwcMIT_M6JYlPQbLnJJbFnGkA3Gi2vpr-XbwnvA3urTQ;met=1;&timestamp=1707090160541;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Requested by

Host: fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
URL: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 64 B
346 B 68ms
67ms Fetch
application/json 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NWMwMjBmMGE1N2IwMDAwMDFlMzI0MzUiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNzA3MDkwMTYwfQ.hqylWkGddWiTr8btZNybshjBBH4wiAxYLyijSWiCVaM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 04 Feb 2024 23:42:40 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aumOUc%2BzfKFRRSOT%2BplUmRxNomjS2p12R29zsevCfO91oBGAv5O57OYH8Ewlm5IJG1e2DSEaITGbFD2EVIK826nKBmqiMKORn97D3YOzNByzNvdKvh8woUKdWuHypO%2FPwvrCGNOAcaU%2F6EI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8506c5804dde09da-MIA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 85ms
83ms Preflight 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://g.112388.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8506c57fbd5809da-MIA
content-length: 0
date: Sun, 04 Feb 2024 23:42:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BaRaZ9tqZQF%2FEe7Mrx2lca622RltkTjaDlKL%2BFo9Y0%2FSNgwXvjVS8H91epYzN8YqaaPHAv6rgT2NoZvgGU7GxTIkY%2B8vbziAnyGfIyt4L%2FzD0kA9Fji7uNf4V5aBfyrniYYVIaLJz5lepxo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2

200

pd
nytimes-d.openx.net/w/1.0/
Redirect Chain

https://nytimes-d.openx.net/w/1.0/pd
https://nytimes-d.openx.net/w/1.0/pd?cc=1

43 B
202 B

48ms
47ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nytimes-d.openx.net/w/1.0/pd?cc=1
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:40 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://nytimes-d.openx.net/w/1.0/pd?cc=1
date: Sun, 04 Feb 2024 23:42:40 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=163427
https://image8.pubmatic.com/AdServer/ImgSync?p=163427&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MTQ5MjgzMUEtM0Y3RC00QTg4LUI4MDgtOUEyRDQxQkJDNDkz&gdpr=-1&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

0
216 B

57ms
56ms

Image
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
Protocol: H2
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:42:41 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
date: Sun, 04 Feb 2024 23:42:41 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK cksync.php
cs.media.net/ 56 B
644 B 275ms
91ms Image
image/gif 23.197.184.18
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.184.18 Minneapolis, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-184-18.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ad22af17099959c6c05cc8f11cfac5e225e81216a65e70f296bfca34b60e9789

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Feb 2024 23:42:40 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 56
x-mnet-hl2: E
Expires: Sun, 04 Feb 2024 23:42:40 GMT

GET
H3

200

crum
dsum.casalemedia.com/
Redirect Chain

https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=995821&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dbe334b-b427-43cd-9874-c733fbf51a40

43 B
725 B

78ms
77ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dbe334b-b427-43cd-9874-c733fbf51a40
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:41 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kfDqeWL1k4OKXAayQ4%2F92H%2FHpIwOwddZ0Gm0ktWWeXVWs1DmEMDGKHnpNq4uPdT%2BhFdiFfhZ17zeJiepGjRSZ%2FB66lRevXxHPNzOfwUIBZU7AsBQCV5DpBLgpW3Vyk9inICiSUlP"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8506c5827d769aef-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

x-servername: Track001-iad
pragma: no-cache
date: Sun, 04 Feb 2024 23:42:21 GMT
strict-transport-security: max-age=31536000;
content-type: text/html; charset=utf-8
location: https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dbe334b-b427-43cd-9874-c733fbf51a40
cache-control: private,no-cache
content-length: 222
expires: -1

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://eb2.3lift.com/sync?px=1&src=prebid&&ld=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=4b8758b0-4de2-4908-a0bc-c5e5b724f4a3&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

62ms
60ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=4b8758b0-4de2-4908-a0bc-c5e5b724f4a3&dongle=0cfd&gdpr=0&gdpr_consent=
Protocol: H2
Server: 52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-type: image/gif
date: Sun, 04 Feb 2024 23:42:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://eb2.3lift.com/xuid?mid=3658&xuid=4b8758b0-4de2-4908-a0bc-c5e5b724f4a3&dongle=0cfd&gdpr=0&gdpr_consent=
date: Sun, 04 Feb 2024 23:42:41 GMT
server: Kestrel
content-length: 251

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4950 0
20 B 95ms
94ms Ping
image/gif 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=802561139211&version=m202401290101&ct=119&x=1&cor=13678582732844595000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Feb 2024 23:42:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 133ms
132ms Image
text/html 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401290201&jk=2384352275948271&bg=!q6ilqOfNAAa8BdJLnAU7ADQBe5WfOD_70lXtFUnfNr_r4DBtZCss6mjWI97fwprhTebdP99csNYlC6Ex-glsWdjMN0m-AgAAAN5SAAAABGgBB5kCuzOG9tdCVvzMqVsz9D7OHb__XPdpP5o9rp7KclFp2iQTMBpv53IcaOQTlYZ4bonLqzueARWf--LgCRm5IzirkG80yI_kpfxmFqO1DxmUPuWb7OUq4TS0_EvbUklT5fc4KKDHTojpwXB6cjp7UsAi1YCAKJVsb3OlpGK110CUfxivTgTzlauT3YuNTM_qpLF9RnHWOeadYoxCKv9QsAt8wdiuHy0oXhhRoRgnu7060e4nQR9gUtvU8uv1ZnxF7lx5xAqJorkEAAGg69atRc381saJ3qzO9BKsf0gQxixzi_ijecuxFxaxMWzVRp5ovHpI8v7uEi7wY0FBJKLXwOiwhziIy-wCrnuDA5ewKNiwByiKbObt1fG7vL4XhYxxI6oKSHWTR1hZBfKizGBIOLSQts9GshZAVFxMsG-Oauaw8aj2dcX-AY81XK0bZlSPA4xWK6FxZm3R-F1hj4cqFSnIzcbpd16-iQ9uwyusoLJYsiCq00H0sOcWbwDub6_k_SObl_MdoeVIYUQNPUrH8cwgj8HH9uEvcXErXoNYMdSxX-sgi4HTPRdbB8_wJlfqftFfXOGZr39Hrbn1PJiBkWp-4AX8IV9cwORvXHPFZNG-Kv1KCI9UFLhsx4Tarr_ZHG13RSBMb8P1cUBReTtgS4jrnmngZOjZr4ghRWHQb5J3p5dtbcMHFtZiWKfCcQbz_yCfwGTchtHngGV9jWSgQh6DxQ_nwNP0jM6HStPB6a0cd7h4EfEv4I4iPgcPRv-GcMD4F9cCrmsY40MX6zWxPVWQj3LPVF6X_Nkw-gTNh4N_Pt2EtZKuhVUoBApts5ZE83HOyIfFK55LHI3cLwCDsRgAN3_4IOw9wRQQw8Gkx9AUqTLStP7nqE1kLwdj1dt3arS6ZN83rHYPWJZ1AC26Sm4pjLJ9nd420Usb2XYR0Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 101ms
101ms Ping
text/plain 52.203.246.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: g.112388.xyz
URL: https://g.112388.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.203.246.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-246-132.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g.112388.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
200 B 58ms
57ms Image
image/gif 54.243.156.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=video%40nytimes.com&g=16698&p=https%3A%2F%2Fvp.nyt.com%2Fvideo%2F2024%2F02%2F02%2F115301_1_00gaza-vignettes-hp-promo_wg_720p.mp4&i=&g0=Homepage&u=Bd8YTZDZQCdU94rLz&t=zOTiGDmT39WDWj5xsDWL-9fD_1r5X&x=0&y=0&V=143&VS=H5&n=1&b=4376&_vd=25055&_vi=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&_vp=nytimes.com%2F&_vh=g.112388.xyz&_pu=BB0jYnBOiWNHC4cEDV&_pt=gk0hqDKv7qFCcPPhLBr07VSB0wJS-&_pr=&_vdd=nytimes.com&_vt=ct&_vs=s2&_vcs=1&_vbr=-1&_vvs=5.326&_vpt=5070&_vaup=auto&_vce=5&c=0.09&W=0&R=1&I=0&E=5&j=20&tz=600&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.156.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-156-193.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://g.112388.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 04 Feb 2024 23:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Domain: als-svc.nytimes.com
URL: https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Domain: purr.nytimes.com
URL: https://purr.nytimes.com/v1/purr-cache

Domain: a.nytimes.com
URL: https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F&caller_id=nyt-vi&jkcb=1707090156310&referrer=&sourceApp=nyt-vi

Domain: meter-svc.nytimes.com
URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fg.112388.xyz%2F&referer=https%3A%2F%2Fg.112388.xyz%2F&pageviewID=o-AqkjuvZWgULz_8Q2mmKaPr&MessageSelectionAPI=real

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 20:21:06	Name: sync Value: CgkIOhDc2oK01zE=
.nytimes.com/	1970-01-21 02:57:06	Name: nyt-a Value: rktk8N1fREuHkVXJweuOjsy-
.et.nytimes.com/	1970-01-20 18:11:31	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-21 02:57:06	Name: sessionIndex Value: 1\|1707090154287\|rktk8N1fREuHkVXJweuOjsy-\|1707090154287
.et.nytimes.com/	1970-01-20 18:12:56	Name: et-ppvid Value: https://g.112388.xyz/=o-AqkjuvZWgULz_8Q2mmKaPr
.scorecardresearch.com/	1970-01-21 03:47:30	Name: UID Value: 121d87b35c3556ddc506e931707090155
.openx.net/	1970-01-21 02:57:06	Name: receive-cookie-deprecation Value: 1
.casalemedia.com/	1970-01-21 02:57:06	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 03:47:30	Name: receive-cookie-deprecation Value: 1
.rubiconproject.com/	1970-01-21 02:57:06	Name: khaos Value: LS85EJ07-12-2JUJ
.rubiconproject.com/	1970-01-21 02:57:06	Name: audit Value: 1\|tcR/wBEzWcIkuJ1EWd+jnKS5Bv7H1ouoxdnNVF8ci15QbDgHMhLCw42ls/PH4ze0l1rzb1ovbMUupCFhFjPpVNoy+mh9GtMO1WrVBtvQnDW+xUA9sgf/4bKpUjWTmmg0
.112388.xyz/	1970-01-20 20:21:06	Name: _gcl_au Value: 1.1.1084755029.1707090157
.doubleclick.net/	1970-01-20 22:30:42	Name: receive-cookie-deprecation Value: 1
.112388.xyz/	1970-01-21 03:40:18	Name: _cb Value: BB0jYnBOiWNHC4cEDV
.112388.xyz/	1970-01-21 03:40:18	Name: _chartbeat2 Value: .1707090157924.1707090157924.1.7bakUYhYb_C8APrmBhcwnfp74jm.1
.112388.xyz/	1970-01-20 18:11:31	Name: _cb_svref Value: external
.112388.xyz/	1970-01-21 03:40:18	Name: _v__chartbeat3 Value: Bd8YTZDZQCdU94rLz
.112388.xyz/	1970-01-21 03:33:06	Name: __gads Value: ID=187eb9c3eafa26c2:T=1707090157:RT=1707090157:S=ALNI_MbIOt3O2ZNc01DaXxdcTgxAxkBvEQ
.112388.xyz/	1970-01-21 03:33:06	Name: __gpi Value: UID=00000a0b7199371f:T=1707090157:RT=1707090157:S=ALNI_MYSR7XFHYCaHnGNZjnKeqcU1tMosg
.112388.xyz/	1970-01-20 22:30:42	Name: __eoi Value: ID=86bd0bada564c349:T=1707090157:RT=1707090157:S=AA-AfjaQJ5-9LZztO10FYvLTkiuV
.g.112388.xyz/	1970-01-21 02:57:06	Name: datadome Value: MfQwa9QXIQRY3UrfagPkBctZwFkCfRhAnfqFj~kO4e2R1x2J02Z1vq1CWroqMfRhwQQ0TtMESUQ1chjekHKQj~3HJngp3KU5ulAsfRwfgP6370wPs6Vxwtl7Vu49OB0m
.doubleclick.net/	1970-01-21 03:47:30	Name: IDE Value: AHWqTUmA29pj8QUl1M5MYXVrja2ptYsJ0w9yxyb2Z_CQc542rV9aG2YSuq7LzVW4
.adnxs.com/	1970-01-20 20:21:06	Name: XANDR_PANID Value: YEZeoWmBP4qqlmJV0CGCcmpen2AbZEj8Er5Q8I2KJhEqEq6jkGWe-3xez-_0vOr7v2Cu9ZNVcdY87azziQZ4jYsV0wPHEJCXUdEKfe3Bdcg.
.adnxs.com/	1970-01-20 20:21:06	Name: uuid2 Value: 395395255298200502
.casalemedia.com/	1970-01-21 02:57:06	Name: CMID Value: ZcAg7m0U58nwuBiLQYCqrgAA
.casalemedia.com/	1970-01-20 20:21:06	Name: CMPS Value: 1577
.casalemedia.com/	1970-01-20 20:21:06	Name: CMPRO Value: 1577
.doubleclick.net/	1970-01-20 22:30:42	Name: APC Value: AfxxVi4-GeS6406EyXkVNS1wGzkJKVLABtLrcGXoXvKc8XVw1ww6mw
.adnxs.com/	1970-01-20 20:21:06	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?)afc2o!1yIE`fS1ueD1W-044)d+]Uf^A07./q2B[CW@RG+BEDU0%SyK2Je]LdeF`cP(hw9P-HC_#tuIO+i2U
.112388.xyz/	1970-01-21 03:47:30	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NWMwMjBmMGE1N2IwMDAwMDFlMzI0MzUiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNzA3MDkwMTYwfQ.hqylWkGddWiTr8btZNybshjBBH4wiAxYLyijSWiCVaM
.openx.net/	1970-01-21 02:57:06	Name: i Value: 4ac7cffd-1365-0fb6-18a7-f88d682e908b\|1707090160
.pubmatic.com/	1970-01-20 18:12:56	Name: KTPCACOOKIE Value: YES
.3lift.com/	1970-01-20 20:21:06	Name: tluid Value: 3708321666203272234021
.media.net/	1970-01-21 02:57:06	Name: visitor-id Value: 3500917601523663000V10
.bttrack.com/	1970-01-20 20:21:06	Name: GLOBALID Value: 2uKlc8-sIBd987FnJ3u_ZOX4A3cEX1T6cnc4nXTIIbuOOThtcIzFqYCymhzRnPIrIGr2ABPqJ5QC4TM1
.pubmatic.com/	1970-01-20 20:21:06	Name: SyncRTB3 Value: 1708214400%3A220
.pubmatic.com/	1970-01-21 02:57:06	Name: KADUSERCOOKIE Value: 1492831A-3F7D-4A88-B808-9A2D41BBC493
.adsrvr.org/	1970-01-21 02:58:32	Name: TDID Value: 4b8758b0-4de2-4908-a0bc-c5e5b724f4a3
.adsrvr.org/	1970-01-21 02:58:32	Name: TDCPM Value: CAESFgoHc3Z4OXQ1MBILCN7Oyamg-dI8EAUYBSABKAIyCwjA0f7VtvnSPBAFOAE.
.pubmatic.com/	1970-01-20 18:12:56	Name: pi Value: 163427:3
.pubmatic.com/	1970-01-20 20:21:06	Name: chkChromeAb67Sec Value: 2
g.112388.xyz/	1970-01-20 18:11:31	Name: _dd_s Value: rum=0&expire=1707091054724

157 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
javascript	error	URL: https://g.112388.xyz/(Line 238) Message: Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://g.112388.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://g.112388.xyz/(Line 264) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/(Line 264) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/(Line 264) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/(Line 264) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://g.112388.xyz/(Line 264) Message: Access to XMLHttpRequest at 'https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web' from origin 'https://g.112388.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://g.112388.xyz/ Message: Access to fetch at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://g.112388.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g.112388.xyz/ Message: Access to fetch at 'https://purr.nytimes.com/v1/purr-cache' from origin 'https://g.112388.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://purr.nytimes.com/v1/purr-cache Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://g.112388.xyz/ Message: Access to fetch at 'https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F&caller_id=nyt-vi&jkcb=1707090156310&referrer=&sourceApp=nyt-vi' from origin 'https://g.112388.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F&caller_id=nyt-vi&jkcb=1707090156310&referrer=&sourceApp=nyt-vi Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://g.112388.xyz/ Message: Access to fetch at 'https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fg.112388.xyz%2F&referer=https%3A%2F%2Fg.112388.xyz%2F&pageviewID=o-AqkjuvZWgULz_8Q2mmKaPr&MessageSelectionAPI=real' from origin 'https://g.112388.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fg.112388.xyz%2F&referer=https%3A%2F%2Fg.112388.xyz%2F&pageviewID=o-AqkjuvZWgULz_8Q2mmKaPr&MessageSelectionAPI=real Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://g.112388.xyz/ Message: Access to fetch at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://g.112388.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g.112388.xyz/ Message: Access to fetch at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://g.112388.xyz' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://vp.nyt.com/video/2024/02/04/115332_1_04vid-chile-wildfires_wg_1080p.vtt Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://g.112388.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5290727.fls.doubleclick.net
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
aax.amazon-adsystem.com
ade.googlesyndication.com
adservice.google.com
als-svc.nytimes.com
bttrack.com
c.amazon-adsystem.com
cdn.brandmetrics.com
cm.g.doubleclick.net
collector.brandmetrics.com
config.aps.amazon-adsystem.com
cs.media.net
dd.nytimes.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
fastlane.rubiconproject.com
fe4c14b8758f4e700d83497000ac6560.safeframe.googlesyndication.com
g.112388.xyz
g1.nyt.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gw.geoedge.be
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
image2.pubmatic.com
image8.pubmatic.com
iteratehq.com
match.adsrvr.org
meter-svc.nytimes.com
nytimes-d.openx.net
pagead2.googlesyndication.com
platform.iteratehq.com
pnytimes.chartbeat.net
prebid.media.net
purr.nytimes.com
r1---sn-q4fl6ndl.c.2mdn.net
rtb.openx.net
rumcdn.geoedge.be
s0.2mdn.net
samizdat-graphql.nytimes.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.chartbeat.com
static01.nyt.com
tlx.3lift.com
tpc.googlesyndication.com
vp.nyt.com
www.datadoghq-browser-agent.com
www.google.com
www.googletagmanager.com
www.nytimes.com
a.nytimes.com
als-svc.nytimes.com
meter-svc.nytimes.com
purr.nytimes.com
samizdat-graphql.nytimes.com
104.18.36.155
104.36.115.111
108.138.106.70
108.138.129.160
108.139.47.33
13.225.68.133
142.250.65.162
142.250.65.194
142.250.72.98
142.250.80.70
151.101.129.164
151.101.193.164
162.248.18.37
172.64.151.101
18.238.48.238
18.238.55.123
192.132.33.68
20.40.202.2
23.197.184.18
2600:9000:210b:f800:10:43f:4352:ad61
2600:9000:24f1:3a00:18:1fcd:353:c61
2600:9000:2511:600:4:b37b:9440:93a1
2602:803:c002:200::32
2606:4700:20::681a:7e5
2606:4700:20::ac43:479c
2606:4700:20::ac43:4842
2606:4700:3031::ac43:870a
2607:f8b0:4000:1f::6
2607:f8b0:4006:809::2002
2607:f8b0:4006:809::200e
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80d::2004
2607:f8b0:4006:80e::2002
2607:f8b0:4006:80f::2008
2607:f8b0:4006:817::2001
2607:f8b0:4006:824::2002
2607:f8b0:4006:824::2006
34.120.63.153
34.98.64.218
35.186.253.211
44.195.146.220
52.203.246.132
52.223.22.214
52.223.40.198
54.166.83.173
54.243.156.193
68.67.161.182
8.28.7.82
00e303a9768acc9cff3ac50951585b7ae832aef28ead570394fc2448c92613d5
03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d
04247f45e4298b818db5d6161620f2b9ee1d782aa4560a45f5765c41c672d6a8
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
057bedef2d5ba646488aad189d199167ab6fdfba5ba5071706f06a0cbd77dfa5
06276214001978a8f3382e91ec5fadf2bd507f174f950e8cdeca4a0e91f170a9
062ca1252e35b1dded0e404cac8925e32b9b82879171af32233b075027c30126
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
084af16796acc3ed9cc882b551d369f7d8de1b8c6481ff6137b1ac37dcd8cab1
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
095a2050fffeee67efcc5dffaa579dd76fe3916b3de4c384aa037acca45d9c9f
09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0d83283563d7c546842e4e2bef1ecdee3db0ade306ef9fc7bf717b87e2107ac3
0da22d15487f31b2f17d682d48f4a453128d5e8e8cdfe055d9f0545d09ecf532
161376c4f90d4e97682e18c3363465dd9dffd7c346a24961b1b563862f59bd09
1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7
1b077c79d2669e5065c4e9b1ae880cd4fef6eb24d52cb1cb47964135e280ed86
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1ecb1f9522433be3adfad377816095c7d5b27d02c1efbbbb793e341b829d83d9
1f1421db15b73381ffaf585d800f65425e0b0b6c870b49a2c0476cd08d64f940
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
264062387185aeac238d90328f12342a4dac123baa47d7981dc2797a43dd39ea
27141b3b405cc996997629f3e4e561247b42b1bdbbb9e3a53b09c45bd5c5d135
29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b
299d2fa755a26bd5007a26fdf65958b73598c74456b1d81cd72244e54b8a6dcd
29bfea73ad113ebd150a7f76415f7b650e2583087a9dab43546c61d0998a0415
2d1e562b7d991619ddc38e9166e7856b5f2db4b3c60977d6e4e86eebba560d04
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
352b9e243c2e3a49a49cb8bc8df84d0a04183bbc3eac33a0476c9a11ff9e352d
379fd9a2c823eb341d0d4bbded9c5bbe34024c2992cf51588c3b8ace1db562c8
37b1a1db4e8015e8b99350588f0cc73f73b77339fd2c143dc4b3d3bf18c02fcd
38333035595b62181536e9b4cdb257daa65a3e5ee70078a44399fa7e0f2750df
39bc2f03b0b4798db6fb14405be09ec727e727e16ddb5e1c1a4fae724ebb3ddb
39cf8f3e75a89a6c2fda31792f7a450bf241bd79613182bcbeecd67d8616fbcf
3a97d7e2b2a744b06c4860981b48cf1a6f1a4046e48270bf825cf9a90b1f3636
3c3bb445a65f00a954fc1e0d957690acc408f2e9904ef44d033e87f65e7160fa
3e99cc00c52afca0a9c6a4bcbc440dec602e194e04eba329850b57c16283779e
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
45c3418da37950410f8367bb9173310ac9bdb73638d297a0e802dc3910fb2738
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
481db71050f1234ac9c3e73de63d5755c2c9318f78b44712ec890b9903bb7410
4a510268179ca6b5136fc166ed81a1b67e2d89b58b58cab897d2b97356bd0580
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b7da2057c3a37a4c49b313a989f78fbc91ba50ba03725afcde21477b56d3378
4c7e66d672ad01d9a4b945bb09097d6776e2c05383c48f6c64aba44cc24fe96a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb4d79169579cf2ade4f692f5a2350cd22cc726b21b95b660516c17789f2a4c
4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3
5089baeb4708c5f0eba95833417b8ab4c976bbc728aea5e93656c7be63e63c0c
517828fddc95d297924c765a5978a3a95bde56ccbc5f7b26b98365a9bf33c81b
52c1269f57bc3b5b121595f104302322f9b8f0a23b5f550da9c5d1ccc7704309
53e637909208e211f753b68ab0cb2312abfb528b9920e8a3b6eddcb89eb861cd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
560840d26c66d01e35e8257c2599e4d6ff81fb45082ac051cbfb0fb835657951
564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de
577daca611b9ae7cc68fd26e230bd20d1f5659998cf988fccab9eb17bf7bd1fc
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
5d711a21ef5a82e9423c6c32b6a59497a123834f17605833a8a7e320dceb6da7
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5ed9e9f81abee651d7645c6ae932a099ff7595eb893df2bd66306c818adf5a39
5f0f18dd0226fe1cf14e136e90b50c29b618fb78b01de9d527099e3a779b43f1
6072e1ff94b58909088a8cfa89e9166d37a547aefdd3395baaa7539974a939cb
612414151e0b7f8ab5b7e572fe287acf1202084cda302adb8522397f462ba305
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
61987b71501afac79b03e8baa611020d395a37e824fd2360e7831443a305e71d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6292d47914f9b1671e0c7b3076ea35aa0127785ed01ae8df56f534171114b08a
63185150d548537c5a50ae1a6c8e109a1e85bc4a89156a7445a3d83cdae1c18f
66c5b51b595d5e53e089c2693a614e74e3d98d6834675ecc438848b984dfa1d7
66debd0db62a3f53e72503a053f862b586a886e6a399fd8243b5e0180d304dec
674df8ae84c378c3767564e377293d2667c290f245529ac1d06bcf8a36da6ac8
6791cc75d90534df1e53ff0d9c75460de78ef9bd6dafaa5fe4d2c7e2073a515f
6987fdf47bf0b1d3b4d3b5654eeb6461ef62f2e68ffda7ad91a140e9397f0256
7065a2ec4d3eef56b6e67c96b52f5132184c8f5111742aae0be310c774b16e5d
7184f94de6059eb2acabe5ca2b8d4dee7ce2817a5c69de917b8c987a38a58c60
71b2f4fee2ed4163e1ef309ca22a8a108aab0ba7cfb535d38b33c1ec3718836a
7bcb7821de552f113d3860ff70976313a3d5af5ba03793f5c00b502b2c4c0939
7c11193952e3a7f5c5887a688239ba863628181c0a55f8bc3ab687ff755c1a33
7dcbc19c68e87e4b23f85027e02ac7f3c89fa259973ec92bbe27e49ad002bf47
7e76ec11f2baa0f7948d92891718df73970877050a5b48e2b6fb9b340378a2d1
815e85139cc9a73d4233ca7620d3aea96bd46da73c96ef98f9f6217747252861
81cfe39d237661ec6ba52a194fb2593437452ffe4754a274437482f141720e3c
84af93c376277b2fb1c7962b45ce84e1e0a31202815ceb873bd980df4378f62b
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a6bd1e9706f15358fb636bb52f69b755d936a79adc1e5056c439cd59cbb41ee
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8aca80728030390ca27a845ca99c8e6bd9174aea22b4060971d1a0ea9a8e9454
8b84ebfbd15694400df12827c578baf3e0d64b86b13222a7d27a536e236dcb6c
8d75f1a219925f06ea89399d437ef59d3a20faef18bef523a292a5d2d50b0389
8de57ccc597a47f4e5d327cbf0da94ef7fd133cfedd48f54d65841af6dd9e526
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
922a4c224d2a5acba49effd511ac46c69297624b2ce0c0477530b9bb2d8487d5
9377e1ed8c646a7ae8b8b570821baf287765c047e9dab20fa71a4eb76a40c294
94d8b663df54b8d00643cb8a84823af0a5bd93c3e491e227b7996246e1677373
9598017c8fd717e1850704f5ecc3acce7888e24b9a152ed5557dad1003efa2ba
99013b5f831f3762b1a2648e07bb3116d914c5b1539bdf4fe0634602cc26b19e
9a43ab8056183a8efcf0e882990c2601381a735e02bba004439e010055c55d47
9ad5c1071dfc2fc7cdfe1b3cdf2ef9fbd55f3504d8718d236a34472d8f67b604
9e1f9f8bbd19cd1790e2bb9a069adb1bcca3d9f41cf78631de28569efa8bd43d
9e4f1d4bec050ef777e2ea447a00d046c77c7a5c1ad2ee637b943791fd408a40
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2426bfabd534ec0c5a4e2e96cd0a5b9fd87accdc0837a6310d505360098e69c
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7fc07410c0a1a92a36a72e3f93526ec79d13ff4b8405ee5d8788425eabce71e
a88615dd5a9d09d0c89d75dc659dae7de6e301c44be64b3456d09cd9876b4631
ac3c156a0e6cc290e315b2cf97ce75c4ce23417e33628e964196ea3fcd2cfffb
ad01b93ecf6b0b442902d27ae93b6af83a92784a05455b81490512a3d5d8b08b
ad22af17099959c6c05cc8f11cfac5e225e81216a65e70f296bfca34b60e9789
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b49a5061864b4b935b6055a17db8704dfb40f092ab777c9e2d578f195fc7c38c
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcbbfe66a2e17c1dbc127ccea0f4fec035d42d51d1741332275026e291d79be8
bcdaa8b0e5b0f57f19d17de2c58d7206e3d275da122a0d4e3176a67257595b5e
be6fb59833ed545e706a68b32222ef1474f9ef93d86c1844aa4532c35e3d4efd
c00310f91c044c8b739a5ff3a749597f991a3643251039e21acdfc12ece1b331
c11d50a1918e615029f239580a1d4a1aa32328fdd6149225cc74e411c84db96e
cc40ca501d6b503b1aaaea29cad8cd180098c7336679a39b09b1f89a5ce99150
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf9ae4044157011ddd7fcaebdd061f5457b6996bec08d166ca9bdcb706e10de4
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d3e01a24e357418c6b81f191cdc6fedf29f78d0b8002725c1f9b3e2d4d9233cf
d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe
d9cf48015447f4a3991c67448b856b09b78927711921cb57fa626a66472177d2
dca6cb4eddb8011fd900ed609b91b1a4f372aa00201c2e97bfd4474564371478
ddadd6c5b81b2f4224d75af6cd67b2ab9e951e690ede5d1e4e1222474aa55704
de8a40e056b4168309db73b3f4b111d273a3833adbaf6b536da8357478f89986
de9e0de16743ce5453503ea556a0a9d39b834ff4b765aa1161621e840cdf4715
e0139b4af8c8fdc04b4c6f7e7bb060380a3fa688f6bd702d0ac28b75984cca11
e1dc1e91911ee28b187d698d67ef13b37468a85465ceca5dcfb7d1c5aa88aa5b
e33b8407c21f47e7c990edcb66dcf85406e8955ea0f85432539d5b706870cbc9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
e57d1cae3a8e67236e58c0ec7c656c4c85c1721466c0007d34cc028b688a175e
e73dc92ae23f5d38f1c7e0e0fd3dc6124dfaaadb507a8a2921a3191ffd146ae1
e8abad653146202c788eb7b05992860760c87f85367894c4fefc3378a480c6c9
e943ae8b36c3231e6f807ce3c017ff4e402a01525cd4056b13f2b3b55df4c344
ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb66d19d76b2a591f290eb9cbefa2faf0a2c8f90b124cb937270ab4b8adee08e
ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1fd7964d738926046b207a7c8ac57250afdefabc84fe7efc836766f7bd5dbef
f8288ebf2ea62ff43051047943139a9c18976421f47c57f5072f8f25c92be22e
f92d409454f07d130a17a8a40694683700fa7908f77519aa3fd6ed6bf08a43af
fa403396216964ac52859247b325178d57d409042abdf5aac8a69fac378fc267
fc8de78825109f4892247c30fd321636abb5025adfeef190e1ed79a216813bde
fe87d3b4e6e6a32c37a1eb2ea77266c29ecc4891c1ba51ec95e9a000514240a5
fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a
ff8b258c6693fee122ffdc2f152132bc3cb1414c398652f748d59a17706aaec4

g.112388.xyz Open in urlscan Pro 2606:4700:3031::ac43:870a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

205 Requests

90 %HTTPS

38 %IPv6

25 Domains

57 Subdomains

45 IPs

2 Countries

4452 kBTransfer

18806 kBSize

42 Cookies

288 Outgoing links

Redirected requests

205 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

g.112388.xyz Open in urlscan Pro
2606:4700:3031::ac43:870a Public Scan

Screenshot
Live screenshot

Full Image

205
Requests

90 %
HTTPS

38 %
IPv6

25
Domains

57
Subdomains

45
IPs

2
Countries

4452 kB
Transfer

18806 kB
Size

42
Cookies

205 HTTP transactions
4 data transactions